Security Best Practices

The upward trend of customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime!

Due to many banks having more sophisticated IT security systems, criminals are turning away from tightly secured bank computers and are instead looking toward the potentially weaker computer systems of bank clients. More and more attacks are also being committed against small and medium-sized businesses. Some of the most common approaches for criminals to compromise end-user data are to take advantage of users visiting unsecured networks or compromised websites, not having up-to-date virus protection and security patches, or opening attachments with embedded malware or Trojan software.

Bank of Central Florida has the expectation that each customer will take any and all reasonable precautions to reduce the likelihood of computer-related fraud. There is not one best approach for online security, but we would like to offer several recommendations:

  1. Anti-Virus Software. Be sure to install anti-virus, anti-spyware, malware, and adware detection software from a reputable vendor onto your computer and keep it up to date. You may need to have a professional scan and repair your computer for viruses, malware, and Trojans if your computer has been infected.
  2. Computer Updates. Make sure the computer you are using has the most current updates and patches released by Microsoft, Java, and Adobe. Most of the updates are security patches for browsers such as Internet Explorer, Mozilla Firefox, and other software that could potentially expose the computer to hacking.
  3. Secure Site. Make sure your banking site (URL) starts with https:// and not http://. The “s” indicates a secure transaction using a different method of communication than standard Internet traffic. A security icon that looks like a closed padlock or key appears when the site is authenticated.
  4. Do Not Use Links. Never use a link to reach a financial institution’s website. Type in your bank’s website address into the Internet browser’s address bar every time.
  5. Public Computer. Never access your financial institution’s website from a public computer at a hotel, library, airport, or public wireless access point.
  6. Website Familiarity. Know what your financial institution’s website looks like and which questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. A user can sometimes spot these attacks by noticing slight modifications to the bank’s standard page, such as extra security questions, poor grammar, misspellings, a fuzzy or older bank logo, or a change to the location of each feature. A typical malware behavior is to ask a user to enter their user ID, password, and security information three or four times and then post a message that the site is down for maintenance or servicing. Online Banking sites will not be down for maintenance during normal business hours. If the site is down for any reason, you will see that message in advance and the login screen will not be accessible.
  7. Suspicious E-Mails. Be extremely suspicious of e-mails purporting to be from your financial institution, a government agency, or any suspicious e-mails from unknown sources. Financial institutions should never contact you via e-mail to request you to verify information. If you believe the contact may be legitimate, do NOT use the link provided in the e-mail; instead, type the website address of your financial institution into your Internet browser’s address bar or contact your financial institution at a phone number you know is valid. Likewise, NEVER open links, attachments, images, or macro features in unsolicited e-mails/documents or reply to unknown e-mail communication since they may contain viruses.
  8. Online Purchase Transactions. Avoid using debit cards for online transactions, as this provides direct access to your bank account. If you use a credit card to shop online, use only one credit card with a low credit limit. Monitor the activity on the card as often as possible.
  9. Log Off Properly. Properly log out of all financial institution websites before closing the browser window.
  10. Shut Off Computer. Always lock or shut off your computer when you leave it unattended. Set your computer to automatically lock after a set period of inactivity (e.g., 15 minutes).
  11. Passwords. Use strong passwords (at least 10 characters combining uppercase and lowercase letters, numbers, and symbols) and change them frequently. Do not allow your computer to save your login names or passwords and keep them confidential. Do not use your login or password for your financial institution on any other website or software. Bank of Central Florida will never request login user names, passwords, or answers to security questions from our clients on an unsolicited basis under any circumstances.
  12. Use Different Computer. Do not use the same computer for financial transactions that children or non-savvy Internet users utilize for regular Internet access.
  13. Posting Personal Information. Do not post your personal information on the Internet. Your high school, maiden name, date of birth, first car, first school, youngest sibling’s name, mother’s full name, father’s full name, etc. are the answers to many security questions on financial websites. When you post this information, you are making it easier for criminals to gain access to your financial information. In addition, never send confidential information, such as your account number, Social Security number, etc., in an Internet e-mail or over an unsecure website.
  14. Alerts. Check with your financial institution about enabling “Alerts” and other security measures that may be available. Bank of Central Florida does have Online Banking alerts for such areas as minimum balance, maximum balance, transfers, deposits completed, checks completed, and CD maturity.
  15. Report Suspicious Activity. Regularly log in to your online accounts and check your bank and credit card statements to ensure transactions are legitimate. Immediately report any suspicious activity on your account(s). There is a limited recovery window and a rapid response may prevent additional losses.

Links to additional security suggestions can be found on the Client Protection page of this website.

Business Fraud Protection Best Practices

Billions of dollars are lost to business fraud each year, with smaller businesses tending to suffer disproportionately larger losses. Many of the aforementioned security best practices can also be applied to your business to reduce the risk of fraud. It also is suggested that your business conduct a risk assessment and identify controls and safeguards that can be implemented to minimize fraud, which may include the protections listed below:

  1. Establish Internal Controls
  • Limit electronic access to financial information or sensitive documents.
  • Develop procedures that control how financial transactions are made and implement review and authorization procedures.
  • Utilize dual control and dual approval for any functions that move money out of an account, such as ACH or wires.
  • Review and reconcile accounts daily.
  2. Secure and Maintain Computer Systems
  • Maintain appropriate network user access security if computers are networked and educate all personnel on good cyber security practices.
  • Ensure firewalls, anti-virus software, and spyware prevention software are installed and kept up to date on all computers. Consider installation of a firewall and install all computer operating system patches and updates.
  • Maintain the physical security of computers and limit access to those computers that are used for sensitive functions.
  • Limit Internet access on business computers to business requirements. Consider using a dedicated computer for all of your financial transactions and avoid the use of public computers.
  • Do not download or install software from unknown third parties or open e-mail or e-mail attachments from an unknown source.
  • If you suspect malware is lurking on your computer, stop banking and other online activities that involve user names, passwords, and other sensitive information. Malware could be sending your personal information to identity thieves. You may want to call in professional help to diagnose and correct any problems.
  3. Supervise and Monitor Financial Transactions
  • Adequately supervise all employees who take part in business finances.
  • Continually review wires, transfers, payroll, and business checks or use an automated monitoring system.
  • Consider using bank “positive pay” arrangements and/or “ACH debit block” service to minimize fraud.
  • Personally review your bank statements and restrict access to financial documents, checks, credit cards, and cash.
  • Carefully review your business’ bank account(s) for fraudulent activity. If anything suspicious is detected, immediately call your bank representative.

Bank of Central Florida’s Treasury Management department includes fraud prevention tips in its periodic newsletters, which are forwarded to clients who wish to receive them. The Treasury Management newsletters can also be accessed by clicking the following links:

Additional Resources

NACHA – Tools, resources, and sound business practices are available to help businesses mitigate Corporate Account Takeover.

OnGuard Online – Provides practical tips from the federal government and technology industry to help be on guard against Internet fraud, secure your computer, and protect your personal information.

Stay Safe Online – Sponsored by the National Cyber Security Alliance whose mission is to educate on the use of Internet security at home, work, and school.

Internet Crime Complaint Center – Mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the expanding arena of cyber crime.

SecureFlorida – Stay safe through computer protection tips for both consumers and businesses.