Corporate Account Takeover is a form of business identity theft where cyber thieves gain control of a business’ bank account by stealing employee passwords and other valid credentials. The thieves can then initiate fraudulent wire and ACH transactions to accounts they control.
Businesses across the United States have suffered large financial losses from electronic crimes through the banking system. These thefts have ranged from a few thousand to several million dollars. They have occurred in banks of all sizes and locations. It is important to remember that electronic crimes are dynamic as cyber criminals continually change their techniques. Additional changes in risk management processes and controls will be necessary as this type of theft continues to evolve. To that end, we walk a fine line between protecting you, our customer, and making online banking a pleasant and convenient experience.
We are providing the information below to make you aware and to strengthen your own security while operating online.
- Layers of Security Protection Provided by Farmers Bank & Trust
- Security Recommended Best Practices for Online Banking Customers
Farmers Bank & Trust strongly urges all commercial customers to evaluate their company’s security procedures by performing their own risk assessment and developing a best-practices security checklist to be used for periodic evaluation of their internal security posture.
Layers of Security Protection Provided by Farmers Bank & Trust:
Protection provided to Cash Management ACH and Wire Originators:
- Password Updates and Strength: Password updates are an essential piece of multi-layered security. We strongly encourage you to change your password periodically and to always create strong, complex passwords.
- Secure Credential (auto generated security codes): Secure credentials are required for each cash user who can access your online banking. This randomly generated security code is obtained either via physical token or by a code generating app on your smart phone or other device. The code is entered along with your individual user ID and password at the time of login. This code ensures that each user is receiving a part of the secure login information that only he/she has access to.
- Watermark Verification: Previously selected watermark feature displays at login to confirm the authentic NetTeller site.
- Prior Login Information: System information is displayed showing the user the date and time of last login using their credentials.
- New User Held: The “new user held” feature is used to prevent new and modified cash users from logging in until their identity has been verified by us.
- Exposure Limits: Exposure limits are set to establish maximum ACH and wire transfer limits allowed per day as well as the per cash management user limit.
- Challenge Questions and PIN: This feature will prompt or “challenge” any user to answer personal security questions at the time an ACH batch or wire transfer is initiated. For wire transfers, you will also be required to enter your unique four-digit PIN.
- File Verification and/or Call Back: It is strongly recommended that all ACH batches are accompanied by an ACH transmittal form that has been completed and signed by an authorized user of the company. The form can be faxed or emailed to the bank for verification of ACH file total received. For wires, the bank will perform a call back if the wire is over a certain dollar amount.
- Dual Control: Dual control prevents a single user from creating, then initiating or transmitting an ACH batch or wire transfer. We STRONGLY recommend cash management customers utilize this functionality.
- Email/Text Alerts: Email and/or text alerts can be set up to notify you of submitted ACH or wire activity allowing you to monitor this critical activity on your account.
- Trusted IP Addresses: When possible we utilize this feature to establish valid IP addresses for each NetTeller ID, preventing login on any unmatched device.
- Time Restrict: This feature, when activated by the Admin user, is used to establish valid days of the week/time of day limitations for each user and prevents login outside the established times.
- ACH or Wire Abnormal Activity: Our system is set to identify any activity which it may detect as a new transaction that may be created from within your online banking. Examples include a new wire transfer which exceeds a certain dollar amount, a new or modified ACH transaction that contains a new routing and account number to which you have not previously originated, or an ACH batch that was initiated and then uninitiated.
- Abnormal Geographic Login: Our system may detect any login attempts that occur outside of your normal geographic location.
Protection provided to Remote Deposit Capture customers:
- Password Expiration and Strength: While it may seem inconvenient to change your RDC password periodically, this is an essential piece of multi-layered security. In addition to expiring passwords, we use settings which encourage users to create strong, complex passwords.
- Exposure Limits: We utilize this feature to establish maximum daily deposit, individual check amount, and per item limits per customer per day.
- Email Alerts: We use this feature to notify you of submitted deposit activity. This allows you to monitor this critical activity on your account.
Farmers Bank & Trust goes to great lengths to safeguard the security of your online banking. As our customer, we believe you also have a stake in securing that online relationship. Two factors are important to this security: protection of the computer you use for online banking and the security practices you adopt while online. If you have not already done so, please consider implementing some of the following basic security steps.
These suggestions are for all internet banking users including but not limited to ACH originators, wire transfer originators, and Remote Deposit Capture users.
Considerations for all Users:
- Ensure that one person is appointed as the Cash Management/RDC administrator
- Periodically perform a thorough review of cash management users, paying close attention to the authorities granted each - be sure all are active and limits are appropriate for the tasks being performed
- Delete any user immediately who is no longer employed or no longer has a need for access to your company’s information
- Give each online user their own credentials, and discourage sharing credentials
- Use a separate computer for initiating wire transfers and ACH batches
- Practice ongoing account monitoring and reconciliation on at least a daily basis
- Farmers Bank & Trust strongly urges Cash Management customers to utilize the dual control functionality contained within NetTeller
- Notify us immediately should you no longer have a need to utilize ACH/wire origination or Remote Deposit Capture
- Notify us immediately should you feel your credentials have been compromised or that fraud has occurred on your account
Secure your computer to help prevent online threats:
- Use the latest version of your operating system and web browsers, and keep security patches current
- Be sure a firewall is active and anti-virus and security patches are installed and updated regularly
- Perform online banking from a stand-alone computer that is not used for web browsing or email
- Assume all your emails are read by other people
- Open email attachments or links only from trusted sources
- Only download software from trusted sources
- Secure the online banking computer so that it is inaccessible after normal business hours
- Use a pop-up blocker. Do not click on links or buttons in pop-up advertisement windows
- Limit administrative user rights to the PC to prevent inadvertent downloading of malware or other viruses
- Adopt advanced security measures by working with consultants or dedicated IT staff
Adopt online security practices to help protect confidential information from fraud and identity theft:
- Use strong password construction principles
- Never share your password with anyone or allow other employees to share
- Avoid using automatic login features that save usernames and passwords for online banking
- Never write your password down or store it online
- Never use the “remember my ID and password” option on your computer
- Use multiple usernames and passwords. (Keep online banking, social networks and online shopping all separate)
- Use your own computer when accessing online banking systems
- Never leave your computer unattended during an online banking session
- Conduct financial transactions only with trusted and secure sites
- Always log off of your online banking session and close your browser
- Don’t put your full birth date on your social networking profile
- Provide continuous education to employees who use online banking systems; providing enhanced security awareness will help ensure employees understand the risks related to their duties
Warning Signs of Potentially Compromised Computer Systems:
- Inability to log into online banking
- Dramatic loss of computer speed
- Changes in the way things appear on the screen
- Computer locks up so the user is unable to perform any functions
- Unexpected rebooting or restarting of computer
- Unexpected request for a one-time password in the middle of an online session
- Unusual pop-up messages
- New or unexpected toolbars and/or icons
- Inability to shut down or restart the computer
Visit our website at www.myfarmers.bank for more tips on safeguarding your information and what to do should you become a victim of identity theft, or visit the federal government’s website at www.onguardonline.gov for suggestions to help you be safe, secure, and responsible online.
Circumstances under which we may contact you on an unsolicited basis and request your electronic banking credentials:
Farmers Bank will NEVER request your electronic banking credentials on an unsolicited basis. We may send you an email notice or alert; however, we will never ask you to provide any personal or account information via unsecure email, nor will we ask for your login ID or password. You should never send personal or account information via unsecure email.
Explanation of protections provided, and not provided, to account holders relative to electronic funds transfers under Regulation E:
To access our NetTeller Internet Banking, you must use the Access ID we provide, together with a password. It is your responsibility to safeguard the Access ID and password. Anyone to whom you give your NetTeller ID and Password or other means of access will have full access to your accounts even if you attempt to limit that person's authority.
You, or anyone to whom you give your NetTeller ID and password, can instruct us to perform the following transactions:
- Make transfers between your qualifying accounts to the extent authorized
- Obtain information that we make available about your qualifying accounts
- Perform online bill payments
- Obtain other services or perform other transactions that we authorize
You agree to the Terms & Conditions you received when you opened your deposit account. Your Internet Banking payments and transfers will be indicated on the monthly or quarterly statements we provide. Please notify us promptly if you change your address or if you believe there are any errors or unauthorized transactions on any statement information.
If you believe your NetTeller ID, password or other means of access have been lost or stolen or that someone has used them without your authorization, call us immediately at 870-235-7000. After hours you may e-mail us via messaging, here. Immediately contacting us by phone is the best way of reducing your possible losses, since not all e-mail may arrive at their destinations. If you have given someone your NetTeller ID and password and want to terminate that person's authority, you must change your identification number and password or other means of access or take additional steps to prevent further access by such person.
You may terminate your NetTeller Agreement at any time upon giving Bank written notice of the termination. If you terminate, you authorize us to continue making transfers you have previously authorized until we have had a reasonable opportunity to act upon your termination notice. Once we have acted upon your termination notice, we will make no further transfers or payments from your NetTeller Account. If we terminate your use of your NetTeller Account, we reserve the right to make no further transfers or payments from your account including any transactions you have previously authorized.
You are responsible for all transfers you authorize using the NetTeller Internet Banking services. If you permit other persons to use your Access ID, you are responsible for any transactions they authorize or conduct on any of your accounts. However, tell us at once if you believe anyone has used your Access ID and accessed your accounts without your authority. Telephoning is the best way of keeping your possible losses down.
- If the error was caused by a system beyond the control of Farmers Bank & Trust, such as a telecommunications system, or Internet service provider
- If you have not given Farmers Bank & Trust complete, correct, or current information so the transaction can be processed
In case of errors or questions about your NetTeller transactions, telephone us at the phone numbers or write us at the address set forth above as soon as you can. We must hear from you no later than sixty (60) days after we sent the first statement on which the problem appears.
- Tell us your name and account number
- Describe the transaction, including dollar amount, you are unsure about, including the transaction confirmation or reference number if applicable, and explain as clearly as you can why you believe it is an error or why you need more information