Teresa Fegyak and Tina Bechtel Take on Additional Responsibilities at Merchants Bank in Spring Grove

FegyakTeresa

Teresa Fegyak, Personal Banker

Teresa Fegyak and Tina Bechtel have taken on additional responsibilities at Merchants Bank in Spring Grove. Fegyak is now a Personal Banker and Bechtel is now Customer Service Representative/Lead Teller, according to Matt Schuldt, President of Merchants Bank in Spring Grove and Caledonia.

“Teresa and Tina have great relationships with our customers in Spring Grove, and those customers will benefit more from the additional skill and service they will provide,”Schuldt said.

As a Personal Banker, Fegyak will now be able to help customers with consumer loans in addition to deposit accounts. She has been with the Merchants organization since 2000, when she started working with Merchants Bank in Caledonia. She moved to the Spring Grove branch in 2010.

BechtelTina

Tina Bechtel, Customer Service Representative/ Lead Teller

“Instead of having to refer customers who may need a loan to another banker, I’ll be able to help them. This will be more convenient for our great customers,”Fegyak said.

Bechtel, who has been serving as Lead Teller in both the Spring Grove and Caledonia locations, will add the Customer Service Representative responsibilities to her duties and focus on the Spring Grove location.

“With my additional responsibilities I look forward to helping people even more when they see us in Spring Grove,”Bechtel said.

Rhonda Merchlewitz Moves to Winona as Mortgage Loan Officer

MerchlewitzRhonda

Rhonda Merchlewitz, Mortgage Loan Officer

Merchants Bank Mortgage Loan Officer Rhonda Merchlewitz has moved from St. Charles to Winona to meet the expanding need in the Winona market, according to Sue Hovell, Director of Retail Banking Performance.

“We’re excited to have Rhonda join our team in Winona,”Hovell said. “In addition to her skills with conventional mortgage loans, Rhonda is also very knowledgeable with other types of loans, including VA, FHA, Rural Development and Minnesota Housing. She is also an expert in our construction loans, which is perfect for people considering building.”

Merchlewitz has been in banking since 1998 and has been part of the Merchants team since 2004, working with customers in Merchants Bank in St. Charles, as well as serving the mortgage needs for the Merchants Bank locations in Rushford and Lanesboro.

“It’s been a great joy to work with my customers over the years, and meet their needs. I’ve enjoyed working with people several times as repeat customers and then helping their children as well,”Merchlewitz said. “I look forward to building the same sort of relationships with customers in Winona. It’s an exciting time for me.”

Merchlewitz spent time living in Winona before her move to Merchants in St. Charles. She said she is looking forward to a smooth transition, where she will meet the needs of current customers as she establishes her presence in Winona. Tami Krause will be taking on the new role of serving mortgage customers in St. Charles, as will Kari Johnson in Rushford and Lanesboro.

Tammy Johnson Named Cash Management Sales Manager for the Merchants Bank Organization

Tammy Johnson, Cash Management Officer

Tammy Johnson, Cash Management Sales Manager

Tammy Johnson has been promoted to Assistant Vice President and Cash Management Sales Manager, according to Sue Hovell, Director of Retail Banking Performance for Merchants Bank.

Johnson will be the cash management sales and market support for the local teams at all 21 Merchants Bank locations in Minnesota and Wisconsin. She had been the Cash Management officer for the organization’s southern tier of banks since 2011 and has been with Merchants Bank for 17 years.

“Cash management products and services are designed to save businesses time and money, protect against any potential fraudulent activity and create opportunities for those businesses to grow,” Johnson said. “I look forward to working with experts at our locations to present the best options available for our current and future customers.”

The cash management/treasury management area is a focus for the Merchants Bank organization.

“Being able to service relationships locally sets us apart,” Hovell said. “With Tammy working with the local teams the result will be exceptional service for our customers. It is part of the personal relationship our tellers, customer service representatives, personal bankers and commercial bankers offer to all our customers. They look forward to applying their knowledge to develop solutions unique to your business and tailored for success.”

Johnson will support Merchants Bank Minnesota locations in Winona, St. Charles, Goodview, Rochester, Rushford, Lanesboro, Caledonia, La Crescent, Spring Grove, Cannon Falls, Red Wing, Hampton, and the southern Twin Cities metropolitan suburbs of Apple Valley, Cottage Grove, Hastings, Lakeville and Rosemount. She will also support Wisconsin locations in Eau Claire and Onalaska. All banks are FDIC members and equal housing lenders. Subject to credit approval. Additionally, Twin Cities-based Merchants Bank Equipment Finance is also a division of Merchants Bank, N.A.

Katie Lund Joins Merchants Bank in Rochester as a Mortgage Lender

LundKatie

Katie Lund, Mortgage Lender

Katie Lund has joined Merchants Bank in Rochester as a Mortgage Lender, according to John Doyle, President of Merchants Bank in Rochester.

Lund has been part of the Merchants Bank team since 2008, when she joined Merchants Bank Equipment Finance (then known as Merchants Capital Resources). Since 2013, she has worked at Merchants Bank in Rosemount as a Mortgage Loan Coordinator.

“Katie brings a great deal of knowledge and experience with the mortgage origination process, which will be an immediate benefit to our customers,”Doyle said. “She puts the needs of our customers first, and she is dedicated to making sure those needs are met. I know people will enjoy working with her.”

Lund’s office will be at Merchants Bank’s Northwest Plaza location. She is a native of St. Charles, MN, and has recently moved to Rochester with her family.

“I’m familiar with the needs of the individuals and families who are part of the Rochester market,”Lund said. “I’m excited to help people realize their dreams of home ownership with the programs and support we can offer at Merchants. Given the very active Rochester housing market, I’m especially looking forward to helping people get pre-qualified for their loans, so they can be first in line when they make an offer on their next home.”

Best Practices in Risk Management

SAWRiskAssessmentFollowUP

Previously we discussed risk assessment and how, while it is both an IT and human undertaking, most risk assessments need to start and end with business processes. After you have conducted a risk assessment, it might seem that you simply need to review the assessment and determine which risks should be reduced or eliminated. While this is true, managing risk goes beyond responding to a risk assessment process. In this article, we’ll take up the topic of risk management, which involves dealing with a continuum of risks.

Categorizing Risk
Before you can begin to manage risk, it can be helpful to segment your potential risks into categories for further definition and review. Typically, risks can be placed in one of three categories:

  1. Known Knowns are risks are a part of our industry, business, or simply part of our lives. For example, almost every business using electronic payments the danger lies in being hacked, losing customer credit or debit card information, or having funds misdirected by a criminal – or even by human error.
  2. Known Unknowns are risks that cannot be foreseen, but can be understood. For example, while the risk of a computer/network system being hacked is a known risk, it is unknown who will do it, where it will come from or the purpose of the hack.
  3. Unknown Unknowns are risks you only see in hindsight only. Recent technology events that fit this class of risks include the “poodle’ and ‘heart bleed’ vulnerabilities. Both of these highly technical vulnerabilities actually existed in thousands of computer systems for decades but were completely innocent until someone discovered they could be exploited for malicious intent. It is quite possible that many more of these unknown unknowns exist in the computer systems we rely on every day.

Risk Management Practices
With these three categories in mind, you can establish risk management practices for your business. When considering the first two categories, your risk assessment can help you rank and rate each risk, its potential to occur and, if it occurs, the magnitude of its impact. From here, risk management policies can help you handle risks effectively and in a reasonable manner. For example, if a very low probability risk would have catastrophic results for your business, it may be a matter of policy that your company would work at reducing or eliminating that risk regardless of the risk assessment score.

Risk management is an active and ongoing process. Once policy is in place, a set of operating standards are needed to set expectations for IT and other staff who deal with risks. Standards may include existing controls or new controls to help reduce or eliminate risks. For example, one operating standard could be to have an out of band authentication (a process of secure verification of your staff member) on any online corporate funds transfer. Beyond existing controls, risk management standards could include requiring risks of a certain magnitude will be handled within a set number of days. If the risk is not resolved within that time frame, management can review and discuss why the risk is not yet reduced, and take additional action or, in some cases, decide to extend the time to cure the risk.

Once risk is reduced, it’s important to complete a review of the ‘residual’ risk, that risk which cannot be eliminated. For example, using out of band authentication reduces the risk of a bad actor transferring funds, but there is still the risk of human error in posting the funds, transferring to the wrong person or entity, and the like. These risks may then be addressed through procedures or processes.

Processes establish the methodology for meeting policy requirements at the level set by standards. In the funds transfer example above, using out of band authentication reduces the technology risk that money will be stolen. However, internal processes still need to be established to reduce the risk of human error. Moreover, and while disturbing to consider, more incidents of employee theft have been cited in recent years. Therefore, separation of duties and normal, traditional human control mechanisms are just as important as technical risk management.

The following six steps briefly summarize the risk management process:

SecurityGraphic

Risk management needs be an ongoing and integral part of your business management today. Technology risks are often more than purely IT issues and involve humans who conduct every part of your daily business. Especially when processes involve money, it is important to have these processes tied to policies and standards, which creates a measurable and defined set of risk management capabilities. Finally, while all three are tied together, it is important to manage risk dynamically as the risk environment changes

Fraud: It’s Social

SAWSocialEngineering

Mitigating fraud is especially critical to business success today. Regardless of what industry you’re in, the threat of fraud impacting you or your customers is ever-present. The impact may be financial, loss of trust, damage to reputation, or all of these. And the perpetrators of fraud are growing both in number and in sophistication, which leads us to the topic of social engineering.

One definition provided by Techtarget.com lists social engineering as “an attack…that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.” While awareness of social engineering is growing, the actual theft of money and confidential information obtained through social engineering is growing faster. According to the FBI, thieves stole nearly $750 million in (email phishing) scams from more than 7,000 companies in the U.S. between 2013 and 2015.

Social engineering uses the good will of employees and customers, who often believe they are being helpful, to acquire confidential information. How does this evolve into a crime? Social engineering data is taken from a broad and meaningful set of sources by deceiving users to disclose information and from publically available sources such as Facebook or professional aggregation sites such as spokeo.com or, by purchasing stolen data that is readily for sale online. This information is analyzed in conjunction with other data to enable serious crimes that may be perpetrated later on. Once a criminal has enough information, they no longer need to steal money by brute force, but simply log on as an employee, posting real credentials and security information, and steal money in what appears to be a legitimate transaction. So what should a business do to prevent fraud that may go undetected for some time?

Companies are now employing best practices that extend beyond the fraud software used in today’s business operations —they include the integration of deep technology controls and dynamic cybersecurity practices into more traditional risk management techniques. The success of this effort depends on the ongoing, up-to-date expertise of a company’s staff with respect to rapidly changing security threats. Staff training and scenario planning need to be a constant effort with reminders to people throughout the organization to be on the lookout for the unusual request or event.

Even with strong training and due diligence, a fraud event may well occur. When it does, the business should have a three-part response:

  1. Halt the event
  2. Assess the damage
  3. Address how to recover.

Finally, complacency is not acceptable. The nature of fraud will continue to evolve, creating new threats that need to be combatted with a proactive, disciplined approach by both businesses and the customers they serve.

Identity Theft: Your Path to Immortality

SAWIDTheft

One of the most insidious outcomes of today’s electronic crime is identity theft. Having your identity stolen usually results in months or years unwinding the false and often damaging actions taken by hackers pretending to be you. In many ways, id theft is among the most personally invasive crimes today, and certainly it is when considering the list of electronic crimes.

The road to identity theft is often made up of several small trails that hackers use to “assemble” your identity and use it for financial gain. Hacking email is only one element of the sophisticated e-criminal’s toolkit. They also search and assemble other information found online in social media or in publicly available ‘aggregation’ sites where personal information is gathered from sources including local, county, state, and national information sites.

While much of this information is public, it can be used to augment private information obtained through hacking or through simply buying personal data from criminals housing data from massive breaches involving social security numbers, credit or debit card numbers, or personal login information. Because id theft is the result of a process and not often a single breach of data, the best route to prevention is diligence.

It’s easy to ignore online security because it often involves deliberate and sometimes tedious steps. But failing to follow good security practices will only make it easier for criminals to gather and assemble a “virtual you.” And as has been proven over and over again, once online, information can live forever. To manage the personal risk, standard security practices should be kept in the forefront of your online activity. Among those things you should be doing are the following ten practices:

  1. Reduce the amount of information you share on social media.
  2. Change passwords to your financial institutions periodically, whether or not the financial institution requires it.
  3. Do not use the same password for multiple sites.
  4. Extend the complexity of passwords by using pass phrases and making them harder to hack such as: Th1$isH^rder2hacK.
  5. Check your financial institution balances frequently to review transactions.
  6. Maintain a valid subscription to a virus and malware service on your computers.
  7. Use options such as out of band authentication when completing online financial or other transactions involving personal information.
  8. Never go to a site by clicking on a link in an email or attachment – login by going directly to the URL of the site you wish to visit.
  9. If you suspect your computer has been compromised, take it to a qualified expert for evaluation.
  10. Back up your computer regularly, keeping several copies from different time frames so that if you are compromised, you can reinstall a previous version.

You can find additional resources online through organizations such as Privacy Rights Clearinghouse, an online consumer advocacy site that provides a host of information to help deter id theft and steps to take if it occurs.

Managing your personal online security does take some effort. But failing to do so may result in id theft that is devastating and will take on a life of its own and one that is difficult to terminate. If you’re looking for immortality, this may not be your best option.