There are growing concerns across the industry about Internet fraud. The FDIC continues to warn companies of increased electronic funds transfer (EFT) fraud. Most incidents are a result of compromised login credentials and are perpetrated using malicious software, key loggers and illicit e-mail messages. The U.S. Treasury Department has reported increased incidents of wire transfer fraud and of fraud targeting ACH Batch transfers. By instituting the recommended best practices below, you can greatly reduce your exposure to online fraud.
Best practices for online security:
- Institute dual control for initiating and releasing for both Wire and ACH
transactions. Dual control consists of the segregation of duties and is a primary
internal control which prevents or decreases the risk of errors, or irregularities,
and identifies problems. Dual control is achieved when an individual does not have
control over all phases of a transaction.
- Reconcile electronic transactions daily.
- Ensure computers used for online banking are secure. Install an Internet Security
Suite that provides a personal firewall, anti-virus, anti-malware and anti-spyware
software. Be sure to configure the software for regular updates and scans.
- Perform online banking transactions on computers that are not used for general
Internet purposes (e.g., e-mail visits to other Web sites, including social
networking sites).
- Computer users should not navigate the web when they are using an "identity" on their PC that has Administrative rights. Instead, set up a separate identity for web browsing that does not have Administrative rights, and only use the Administrative rights identity when operating off of the web.
- Regular updates and scans should be enabled to keep the software up to date with current attacks.
- Ensure corporate firewall and network controls remain current.
Simple but effective security hints:
- Don’t use public computers at kiosks, cafes, hotels or public wireless networks to conduct financial transactions of any nature.
- Do not respond to e-mail or phone requests that request online banking
credentials.
- Be aware of advertising scams for virus scanners, showing what looks like a real virus scan of your computer. Never click OK for a popup that states software needs to be installed / purchased to solve the problem.
- Be aware that banner ads are being used by hackers to hide malware that can be installed on a PC without the user even clicking on them.
- Immediately report any suspicious e-mails, application popups, unexpected error
messages, or an unfamiliar login screen to Regions Client Services at
1-800-787-3905.
- Create strong passwords and protect them.
- Choose passwords that cannot be easily guessed.
- Avoid using passwords such as birthdays and pet names.
- Use alphanumeric passwords along both upper and lowercase letters.
- Change your password at least every 60 days for online banking systems.
- Do not store a list of passwords on the computer or keep them near your
computer.
- Never share your logon ID or passwords.
Important Fraud Advisory for Businesses from the U.S. Secret Service, FBI, the Internet Crime Complaint Center and the Financial Services Information Sharing and Analysis Center.
Cyber criminals have begun targeting financial accounts of small and medium sized business owners and employees, resulting in significant business disruption and monetary loss.
Learn more about how to prevent and report online fraud. |
Fraud Prevention Resources
Learn more about the best practices and other helpful tools to help protect your business from fraudulent practices.
Reporting Fraud
Immediately report any suspicious e-mails that appear to be from Regions Bank, application popups, unexpected error messages or an unfamiliar login screen to Regions Client Services by calling 1-800-787-3905.