Business Internet Banking Best Practices

Business Internet Banking / Cash Management
Fraud Prevention Best Practices
This document provides fraud prevention best practices that can be used as a
training tool to educate new Users within your organization or as a review
document for current Users.
User ID and Password Guidelines
• Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters; change your password frequently or
• Create a “strong” eight character alphanumeric PIN with Secure Token sign-on.
• Never share login credentials (username, password, token number, and PIN) with third-party providers.
• Avoid using an automatic login feature that saves usernames and passwords.
• Do not store passwords on the same device used to access online banking.
General Guidelines
• Do not use public or other unsecured computers for logging into Business Internet Banking / Cash Management.
• Users should check the last login date/time every time they log in.
• Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data and immediately report any suspicious transactions to your financial institution.
• Take advantage of and regularly view system alerts; examples include:
  • ACH Alerts
  • Wire Alerts
  • Password change alerts
• Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
• Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
• Never leave a computer unattended while using Business Internet Banking / Cash Management.
• Never conduct banking transactions while multiple browsers are open on your computer.
Administrative Users
• Prohibit the use of “shared” usernames and passwords for Business Internet Banking / Cash Management.
• Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
• Dedicate and limit the number of computers used to complete online banking transactions; do not allow Internet browsing or e-mail exchange and ensure these computers are equipped with latest versions and patches of both anti-virus and anti-spyware software.
• Delete online user IDs as part of the exit procedure when employees leave your company.
• Assign dual system administrators for online cash management services.
• Use multiple approvals for monetary transactions and require separate entry and approval users.
• Establish transaction dollar limits for employees who initiate and approve online payments such as ACH batches, wire transfers, and account transfers.
• Provide enhanced security awareness training that will help ensure employees understand the security risks related to their duties.
Tips to Protect Online Payments & Account Data
• Take advantage of transaction limits. Establish limits for monetary transactions.
• When you have completed a transaction, ensure you log off to close the connection with the financial organization's computer.
• Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
• Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.
ACH (Automated Clearing House)
• Use pre-notification (zero-dollar) transactions to verify that account numbers within your ACH payments are correct.
• Use limits for monetary transactions at multiple levels: per transaction, daily, weekly, or monthly limits.
• Review transaction reporting regularly to confirm transaction activity.
Wire Transfer
• Use limits provided for monetary transactions at multiple levels: per transaction, daily, weekly, or monthly limits.
• Review historical and audit reports regularly to confirm transaction activity.
Account Transfer
• Use limits provided for monetary transactions at multiple levels: per transaction, daily, weekly, or monthly limits.
• Review historical and audit reports regularly to confirm transaction activity.
Tips to Avoid Phishing, Spyware and Malware
• Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
• Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
• If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
• Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
• Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
• Ensure computers are patched regularly, particularly the operating system and key applications, with security patches.
• Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
• Check your settings and select, at least, a medium level of security for your browsers.
• Clear the browser cache before starting any Business Internet Banking / Cash Management session to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser's preferences menu.
• Be advised that you will never be presented with a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching the URL and before entering login credentials.
• Business Internet Banking / Cash Management does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.
• Business Internet Banking / Cash Management never displays pop-up messages indicating that you cannot use your current browser.
• Business Internet Banking error messages never include an amount of time to wait before trying to log in again.
• Adopt advanced security measures by working with consultants or information technology staff.
• Be advised that repeatedly being asked to enter your password/token code is a sign of potentially harmful activity.
• Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.
Tips for Wireless Network Management
Wireless networks can provide an unintended open door to your business network.
Unless a valid business reason exists for wireless network use, it is recommended
that all wireless networks be disabled. If a wireless network is to be used for
legitimate business purposes, it is recommended that wireless networks be secured
as follows:
• Change the wireless network hardware (router / access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
• Disable remote administration of the wireless network hardware (router / access point).
• If possible, disable broadcasting the network SSID.
• If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.
• If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.