Business Banking Security

Protecting the financial assets of your business is a top priority at People's United Bank, but we can't do it alone.

Protecting your business

Just as you protect your business from intruders by activating a burglar alarm at closing time, your business computers must be protected from cyber thieves attempting to exploit weaknesses in your computer network.

BEC scams have emerged as a major source of financial loss for businesses of all sizes, estimated at over $12 billion through 2018. Also known as Business Email Impersonation, an employee gets an email from someone claiming to be a trusted person or organization requesting an urgent transfer of funds to a fraudulent account number or an urgent request for sensitive information. These scams are sophisticated social engineering techniques but increasingly, cyber criminals are also compromising the actual email account of the person they wish to impersonate to increase the success of the fraud.

READ MORE

Computers that are not appropriately protected can become an open gateway for cyber criminals to access your online account or perform malicious activity. Unfortunately, antivirus alone is not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the computers at your business.

1. Use a dedicated computer: If possible, dedicate a PC to be used ONLY for online banking purposes to mitigate against the risk of PC and user credentials being compromised. This PC should not be used for email, social media, or web browsing.

2. Password Protection: A unique password or token PIN is the first step of securing your online information. Select a password/PIN that is easy for you to remember but not quickly guessed, like birthdays, sequential numbers or street addresses. Do not share your password/PIN with anyone. Remember, our employees will never ask for your password.

3. Keep your operating systems, antivirus and other software up to date. Scan your computers for viruses regularly.

4. Fraud Awareness: Fraudsters use official-looking e-mails (Phishing) and websites to lure you into revealing confidential financial information. The messages appear to be from trusted banks, retailers or other companies. Be suspicious of any e-mail with urgent requests to “verify account information.” When in doubt, call the sender directly and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.

5. Transaction Review: Check your account balances and transaction activity daily and promptly report any suspicious activity to your account manager or call our Commercial Client Support team.

 

Your business online account has built-in security options you can use to protect and monitor your online activity.  Don’t wait until your business is a victim of cyber fraud before you protect yourself.

1. Enroll and Check your Email Alerts: Alerts will notify you about activity on your account.  Reviewing alerts immediately can protect against fraudulent activity on your account. 

2. Review Account Activity:  Review your online accounts for any transactions you did not initiate.  Early detection may prevent large losses.

3. Requiring two individuals to execute transactions can prevent fraudulent activity even if one employee's computer is compromised.

4. Change your Password:  Changing your password periodically reduces the chance of it being compromised.

5. Only use Company Computers:  When accessing online business accounts, only use designated company computers that use the company network.  Non-business computers and networks are more likely to be infected with malware.

No one wants to become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting us for assistance. Be sure that all employees that participate in online banking are aware of these tips.

Contact customer support if you experience any of the following scenarios:

1. If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate

2. If you receive an email alert regarding a change of password or email address you did not create

3. If the login screen looks different or has unusual fields or prompts

4. If you see unknown transactions or balance inconsistencies on your account

5. If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in

6. If you log on to online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes

People’s United Bank provides commercial online business banking to its business customers to add convenience for conducting financial transactions, but we cannot assume liability for fraud on business accounts as a result of malware and system vulnerabilities on our customers' IT systems. Customers must ensure that adequate security controls are in place on their IT systems before accessing online banking to minimize risk.

Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts. This means that you will be responsible for any fraudulent financial activity on your account if your computers or accounts are compromised. Business customers who use their IT systems to house proprietary, financial, or personnel information should employ an Information Security Professional periodically to conduct a thorough review of their systems and security controls.

Please be aware that the FDIC or Regulation E does not cover fraud losses for commercial customers. People’s United Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss.


‘Man-in-the-Email’ scam targeting businesses

A new form of ‘Man-in-the-Email’ scam targeting businesses has been on the increase. This scam has been labeled ‘Business Email Compromise’ or ‘BEC’ by the FBI.* The scam focuses on the use of social engineering techniques targeting businesses and their employees for the purposes of committing ACH/Wire fraud. The scam begins through the use of a compromised or spoofed e-mail account of a high level executive (CEO, CFO, etc.), business partner, or trusted supplier requesting what appears to be a legitimate financial transaction. The request, if not validated by the business, results in a fraudulent transaction that the business unknowingly requests through a financial institution to process. Once the transaction is completed, the funds are quickly moved to another account by the fraudster, leaving the business with little to no chance at recovering the funds.

Businesses should be aware of such scams and ways to mitigate the risks associated with it. The most important step is to implement an internal procedure to validate any financial transaction request no matter who it is received from through means other than email, prior to submission to a financial institution. If a request is received via email, the requestor should be contacted through alternate means (ie. phone number on record) to validate the transaction details including the receiving account number and dollar amount at a minimum. Having this dual control step in place can go a long way to saving a business from this type of scam.

*www.ic3.gov/media/2018/180712.aspx

Business man in glasses and blue shirt with tie sitting at desk in big leather chair holding tablet

ACH and Wire Services Fraud

Cyber criminals are targeting businesses, through malware and business email fraud, that use ACH and Wire services. If you spot something unusual (maintenance or error notification) after logging into your account or entering additional token/other codes, please contact us at 1-866-831-5717 immediately. Additionally, if you receive an email request from anyone requesting you to wire funds, always follow up with a phone call (using a known number) to verify the request is valid.

The following tips will help protect your account against fraud:

  • Always protect your password and store your token in a secure location
  • Use a dedicated PC when possible to perform your online banking needs
  • Keep your antivirus/computer software updated and scan for viruses regularly
  • Sign up for email and text alerts
  • Enable multiple approvers for approving ACH and Wire transaction requests
  • Review your transaction history daily

A quick response to potential fraud incidents is critical to minimizing losses and other disruptions.

If you suspect there is fraud on your account, have general security concerns, or need assistance configuring the eTreasury+ security controls, please contact our Treasury Management Client Support team at 866-831-5717 (Mon – Fri 8am to 5:30pm).

© 2019 People's United Bank, N.A.