130 likes | 273 Views
Commercial eSecurity Training and Awareness. Most electronic fraud falls into one of three categories:
E N D
Most electronic fraud falls into one of three categories: • PHISHING – Fraudulent emails purporting to be from your bank or a similar trusted source lures you to a copy cat website (one that may look just like our website). Once there, you are instructed to “verify” certain information which is then used to hijack your credentials and access your account. If you receive a suspicious email, delete the message (DO NOT REPLY) and callus to inform us of the email. • PHARMING – Also called “domain spoofing”, this cyber crime intercepts internet traffic and re-routes it to a fraudulent site. Once there, you are asked to enter information just like in a PHISHING scheme. • MALWARE – Software designed to infiltrate or damage a computer system without the owner’s knowledge. Examples include viruses, worms, Trojan horses, spyware and adware. Common Online Threats
Commercial account transactions occur more frequently and for higher dollar amounts than individual consumer accounts. As a result, your accounts may be targeted for account takeover. Fraudsters use social engineering techniques and other means to target individuals within a business and get them to unknowingly load malicious software (malware) onto your company computers. This malware is used to gather company data such as logins and passwords. The fraudsters then use these credentials to access (and take over) your commercial bank accounts. Many times, funds are transferred out of the commercial bank accounts within minutes. Cyber Criminals Want YOU
Regulation E Regulation E provides certain protections to consumers who experience unauthorized electronic transactions on their bank accounts. However, this coverage does not extend to commercial account holders. Business account holders are liable for any financial loss that may result from unauthorized electronic transactions on their accounts. At River Valley Bank we are always assessing new online banking security threats and enhancing online product controls to combat the increasing number of account takeovers occurring in the online environment. But we can’t do it alone.
A Partnership for Safe Online Banking • Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding your commercial accounts from cyber criminals. At River Valley Bank we have developed security programs based on these standards which are designed to: • Ensure the security and confidentiality of your account information. • Protect against any anticipated threats to the security of your information. • Protect against unauthorized access to your accounts.
Our online banking products and services have several controls which are designed to protect you and your account information: • Unique user names and passwords • Session time-outs • Security pictures • Strong challenge questions • Password reset controls • Transaction thresholds • New user and user change controls • IP and time of day restrictions • Secure tokens • Confirmation requirements for high risk transactions • Account and transaction email alerts River Valley Bank’s Role If you have questions, concerns or want to implement any of these controls, please contact us.
Our security measures can’t be effective without your help and cooperation. Some common sense and easily implemented precautions can help you PROTECTyourself, your employees and your accounts, DETECTfraudulent activity and RESPOND to security incidents. Your Role
Don’t respond to or open attachments or click on links in unsolicited e-mails. If a message appears to be from us and requests account information, so not use any of the links provided and call us. • Be way of pop-up messages claiming your machine is infected and offering software to scan and fix the problem. This could actually be malicious software that allows a fraudster to remotely access and control your computer. • Minimize the functions performed on computers used for online banking. A computer used for online banking should not be used for general web browsing, emailing or social networking. • If you receive a message when logging into our online banking system that the system is unavailable, call us immediately. • Source: Fraud Advisory for Business created as a joint effort between the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FD-ISAC) PROTECT
Do not leave computers used for online banking unattended. Log out of online banking applications and log off online banking computers when not in use. • Use and install spam filters. • Install and maintain real-time anti-virus, anti-spyware and malware detection and removal software. Allow for automatic updates and scheduled scans. • Change default passwords on all computers and software. • Install security updates to your systems as they become available. • Make regular back-up copies of system files and work files. • Do not use public internet access points to access online banking. • Initiate ACH and wire transfers under dual control using two separate computers. • Source: Fraud Advisory for Business created as a joint effort between the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FD-ISAC) PROTECT
Monitor and reconcile your accounts at least one a day. This will allow you to quickly detect unauthorized activity and allows the bank to take actions to prevent or minimize losses. • Take note of any changes in the performance of your computer such as dramatic loss of speed, changes in the way things appear, computer locks up, unexpected restarting of your computer, unexpected request for a one-time password in the middle of an online session, unusual pop-up messages, new or unexpected toolbars, inability to shut down or restart your computer. • Pay attention to alerts you receive from your anti-virus software. • Be alert for rogue e-mails. If someone says they received an e-mail from you that you did not send, you probably have malware on your computer. • Source: Fraud Advisory for Business created as a joint effort between the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FD-ISAC) DETECT
If you detect suspicious activity immediately cease all online activity and disconnect the network cables to any computers that may be compromised. • Make sure your employees know how to report any suspicious activity on their computers. • Immediately contact us so that the following actions can be taken as appropriate: • Disable online access to accounts • Change online banking passwords • Open new accounts • Review all recent transactions • Ensure that no one has added any new payees, requested an address or phone number change, created any new user accounts, changed access of existing users, changed ACH/wire templates, etc. • Source: Fraud Advisory for Business created as a joint effort between the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FD-ISAC) RESPOND
Maintain a written chronology of what happened, what was lost and the steps taken to report the incident to us. • File a police report if there are any losses. • Have a contingency plan to recover systems and files from computers that may have been compromised. • If your business accepts credit cards, you are subject to compliance with the Payment Card Industry Data Security Standard (PCI DSS) and you may be required to report the incident to your card company. • Source: Fraud Advisory for Business created as a joint effort between the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FD-ISAC) RESPOND
Who To Call at River Valley Bank Customer Assistance Center Toll free 888.842.0221