Security Tips and Information

heritage_logo

Online Banking Fraud Protection

Whenever you access the Internet through a PC or a mobile device, you run the risk of exposing yourself and your company’s systems to online scams or unauthorized app downloads. You may be unaware information has been stolen until the money is gone from your account.

Online fraud schemes attempt to obtain confidential information—including passwords, personal ID numbers, and token codes—and use it to access your accounts, transfer money, or commit other fraudulent acts. The primary methods of online fraud are social engineering, malware, and a combination of both.

Social engineering is an attempt to manipulate you into performing actions or divulging confidential information by impersonating a trustworthy entity in electronic communications. These communications can be sent by email (phishing) or text message (smishing).

 Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your browser, or display fake websites, all in an effort to impersonate your business in online banking transactions. Your computer can become infected with malware through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

 How you can help protect your company

  • Implement dual custody. Use dual control for online payment and self-administration services. Dual custody, an industry best practice, requires a second level of approval to release online payment transactions and make self-administration user changes.
  • Update antivirus programs. Ensure that your company’s firewalls, servers, and client applications or systems are updated with all vendor-recommended patches and that your company’s antivirus and antispyware software are installed and updated regularly.
  • Be cautious. Use caution if you receive an email or text message expressing an urgent need for you to update your information, activate an account, or verify your identity by calling a phone number or submitting information on a website. Also practice caution with e-mail attachments and downloadable files.
  • Educate your employees. Educate your employees about online fraud and train them never to give out their online banking access credentials, including passwords, PINs, token codes, and token serial numbers.
  • Use stand-alone PCs for online banking. To initiate money movement transactions, use stand-alone PCs that are not enabled for email or web browsing.
  • Use trusted websites. Always access Heritage Bank Internet Banking site through our trusted bankonheritage.com web address.
  • Protect your network. Identify trusted websites for your business and block access to any web address that is not relevant to your employees’ business needs.
  • Monitor online accounts daily. Actively monitor your online accounts to detect suspicious activities. Contact Heritage Bank immediately if you notice anything out of the ordinary.
  • Use notification/alert services. Set up to receive an e-mail notification alerting you of large transactions or balance limits set on your accounts.

 We can help

Give us a call at 402-694-3136 to talk about implementing dual custody on your Heritage Bank business accounts or to learn about other tools and services to help build a strong fraud protection program to help your company avoid falling victim to online fraud.

Dual custody works

Online fraud can be a serious threat to your business and bank accounts.   Armed with a valid online banking password and ID, thieves — internal and external — can divert funds from your accounts to theirs.

Dual custody is one of the most important tools available to help protect your corporate accounts from the risk of fraud. This industry best practice requires two users to make online payment transactions.  Heritage Bank’s Internet Business Banking application provides our Business partners the ability to implement this control.

The first user initiates a payment, the second user, on a different computer must approve the payment before it takes effect.

By separating user tasks, you’re better positioned to identify and stop fraud before it happens. Thieves may be able to coax access credentials from the user who initiates online payments, but it’s unlikely they’ll also get credentials from the person who has to approve and release the payments.

Similarly, a dishonest employee can’t make unauthorized payments to himself without another person’s approval.

You can implement dual custody for a range of transactions, including ACH payments, ACH receipts, wire transfers and Bill Payment. Dual custody is one of the most effective fraud deterrents in a layered security approach.

For more information, contact your Heritage Bank Internet Banking representative at 888-554-5499

 Six rules for a strong fraud protection program

 Protect access credentials

Never give out Internet Banking logins or passwords, or other authorization credentials. If you receive an e-mail, phone call, or text message claiming to be from Heritage Bank, asking for your credentials, it is likely a “phishing” attempt. DO NOT respond to it. Report it to your local Heritage Bank branch immediately.

 Increase your internal controls

Implement dual custody on all online payment services (ACH, wire transfer, payroll) and self-administration services; reconcile accounts daily to detect suspicious activity; update antivirus and antispyware software and firewalls regularly.

 Educate your employees

 Instruct your employees never to give out the credentials they use to access your online banking systems or accounts. Repeat this message often so it remains top of mind.

Remind your employees of the following:

  • Do not click on links purporting to be antivirus or anti-malware software.
  • Do not download files from peer-to-peer sources or other unknown sources.

 Know your employees

Perform a credit check and a background check on all new employees who have access to your accounts, account records, or cash. Call at least three references to verify information.

Keep authorizations up to date

When an authorized signatory or approver on your accounts leaves your company, notify your Heritage Bank branch location immediately to have that employee’s name removed from all authorizations. Conduct an annual audit of all your bank signature cards, Internet Banking agreements, access codes, and other authorizations to ensure they are current.

 Know your vendors

Require all changes to vendor payment account numbers to be made in writing on the vendor’s letterhead and verified with a call to the vendor’s telephone number in your files. 

Tips for secure Online Banking

Please read below some tips to conduct Online Banking securely.

Never respond to emails that request personal information
At Heritage Bank, we would never ask for your personal details through an email. Nor would we ask for your password through any means, phone, fax or in-persons. If any of our bank personnel asks you for your password, do not disclose it and report him or her immediately to us.

Keep your password top secret and change it often
Changing passwords often helps in protecting your account even if inadvertently you may have disclosed it to someone.

Make your password difficult to guess
When you create your password, make it at least 6 characters long. Include at least one capital letter, one numerals (0-9) and one special character (like @, #, $, etc). This makes the password very difficult to guess.

Never use cyber cafes to access your online accounts
PCs at cyber cafes may be infested with viruses and Trojans that can capture and transmit your personal data to fraudsters. The easiest way to grab information is key logging software, which record all the keystrokes you typed, to be retrieved later for fraudulent usage. Beware of typing passwords on unknown PCs.

Keep your computer secure
Some phishing emails or other spam may contain software that can record information on your Internet activities (spyware) or open a ‘backdoor’ to allow hackers access to your computer (Trojans). Installing anti-virus software and keeping it up to date will help detect and disable malicious software, while using anti-spam software will help stop phishing emails from reaching you. It is also important, particularly for users with a broadband connection, to install a firewall. This will help keep the information on your computer secure while blocking communication from unwanted sources. Make sure you keep up- to-date and download the latest security patches for your browser. If you don’t have any patches installed, visit your browser’s website, for example users of Internet Explorer should go to the Microsoft website.

Check the website you are visiting is secure
Before submitting your bank details or other sensitive information there are a couple of checks you can do to help ensure the site uses encryption to protect your personal data:

If you are visiting the website with a secure connection, you will be able to identify the website through the site’s certificate. A secure or encrypted website address will begin with HTTPS rather than HTTP, and you will see a lock icon in the Address bar. Secure connections use certificates to identify the website and to encrypt your connection so that it will be more difficult for a hacker to view. You can also click the lock icon in the Address bar to see more information about the website.

Note that the fact that the website is using encryption doesn’t necessarily mean that the website is legitimate. It only tells you that data is being sent in encrypted form.

Helpful reminders to assist you in protecting your sensitive information can include:

  • Never let anyone know your PINS or passwords
  • Do not write you PINS or passwords down for someone else to find
  • Do not use the same password for all your online web accounts
  • Avoid opening or replying to spam emails, as this will give the sender confirmation they have reached a live address.
  • Don’t open an attachment from an unconfirmed sender of an e-mail
  • Please contact our Internet Banking department immediately if you feel your Heritage Bank online information has been compromised.

ONLINE BANKING GUIDE

• Do not use public or other unsecured computers for logging on to your online banking.

 • Check your last login date/time every time you log on.

• Review account balances and detail transactions regularly (preferred daily) to confirm payment  and other transaction data and immediately report any suspicious transactions to Heritage Bank.

• View transfer history available through viewing account activity information.

• Whenever possible, use Bill Pay instead of checks to limit account number exposure and to obtain better electronic record keeping.

• Take advantage of, and regularly view system alerts such as Balance Alerts, Transfer Alerts and Password Change Alerts.

• Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.

• Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.

• Never leave a computer unattended while using your online banking,

• Never conduct banking transactions while multiple browsers are open on your computer.

 If you ever suspect any fraudulent activity do not hesitate to contact us at 888-694-5499.Close

 

Dual custody

 

 

 

This industry best practice requires a second level of approval to release payments and make changes to user access. Thieves may be able to coax access credentials from the employee who initiates online wire or ACH payments, but it’s unlikely they’ll also get past the person who has to approve the payments before they are released.

 

 

 

 

 

 

Dual custody

 

This industry best practice requires a second level of approval to release payments and make changes to user access. Thieves may be able to coax access credentials from the employee who initiates online wire or ACH payments, but it’s unlikely they’ll also get past the person who has to approve the payments before they are released.