Securing Your Identity in the Online Age

RodneyNelsestuenFraudTip

By Rodney Nelsestuen, Chief Information Officer

We all know the threats to online security are constantly changing. The challenges of being an active online and social media user while protecting our identity highlight the important role we all have in keeping our business and personal finances safe.

So, what are some of the current strategies used by hackers and what should we do about them?

Today’s online thief is patient and persistent. Thieves are taking their time in collecting data about us from many sources. Even the most mundane aspects of our lives may be important when added to other data taken from our personal lives, from social media (both our posts and those of friends and family,) and from our workplace. Eventually, all this information is applied in a manner that mimics our personality and behaviors in a convincing way.

How is this possible?

Once a “bad actor,” an online thief or fraudster, has some of your information and your online lifestyle, getting more becomes easy as automated intelligence (AI) serves up a large plate of your preferences, enabling the thief to fully take your place – at least in a virtual sense.

Thus, it’s entirely possible we have a virtual clone navigating the internet, posing as us, and preparing to wreak havoc on our lives by, essentially, taking it for their own.

So, how do we minimize the risk of this happening to us?

Steps to Minimize Risk

Drop out of social media

There are people who have already done this. But dropping out is probably not realistic for most of us. We rely on social media to keep up with friends and family, share joy, sorrow, important information, and we generally find social media a good force in our lives.

Limit what we share on social media

It could be worth our time to more closely manage what is posted and left on social media. Exposing too much about ourselves just makes it easier for thieves to enrich the already valuable data sources available to them.

Talk with family and friends about what you will and will not share on social media and encourage them to do the same. For some of us, posting is done almost willy-nilly, without thought and often reveals deep details that may later be used to compromise our financial or personal lives. Maybe it’s time to pick up the phone to discuss certain aspects of our lives instead of posting them.

Choose our connections in a more deliberate manner

It may be best to limit the number of friends we have online. Most of us have connections that may not be critical to a good social media experience but were set up out of curiosity or recommendations from friends. Examine the controls available on the social media site and narrow what others can see, keeping those closest to you fully engaged, but limiting others.

But Nothing is Fool-Proof. What’s the Next Step?

Because there’s no fool-proof methodology to protecting our identity or our money, we might leverage the tools provided by our most trusted businesses – including banks. Spending the time to fully understand the options and controls that we can employ will allow us to be active participants in managing online threats and help us move from a purely defensive posture to playing offense against the bad guys.

How can we do this?

Actively manage credit and debit cards through apps

Today most of these products have a number of controls that we can actively implement. These include:

  • Turning our credit or debit cards on and off when suspicious activity takes place
  • Setting alerts to notify us via text messages of certain types of transactions or amounts
  • Establishing an out-of-band authentication process when accessing any private financial site to verify your identity through two sources, like your password and a code texted to your phone

These three options will keep us informed on what’s happening to our financial accounts and provide additional assurance that we are, in fact, interacting with our bank and not a fake site.

We have apps for Merchants Bank Debit and Credit Cards that allow you to control your security preferences and set up alerts for when the cards are used.

Have security systems on your computer

It’s fundamental, and a best practice, to have strong antivirus systems on all of our computers. Most of us have these types of subscriptions given they were bundled with the purchase the last time we bought a computer. Make sure, however, that the software also has:

  • anti-malware
  • anti-spyware
  • anti-adware
  • anti-phishing capabilities that can be deployed (or not) at will.

There are additional options we might employ: we can download software that provides an additional layer of security on the computer itself. These tools may harden our computer, keyboard, or mouse against exploitation by hackers. Most of these technologies do not interfere with online speed or performance.

The Solution: Marry Technology and Cautious Online Practices

No technology alone can completely protect us from financial loss or ID theft. Technology needs to be coupled with smart interactions when online. Combining conservative practices, knowing who we are interacting with, using the technologies available through banks and on our own devices bring a holistic approach to securing our online selves and reducing the risks associated with today’s virtual world.

5 Tips for Secure Use of Business Online and Mobile Banking for the Holidays

5 Tips for Secure Use of Business Online and Mobile Banking for the Holidays

We can never overstate the importance of protecting your online security, especially during the busy holiday shopping season for businesses and their customers.

Follow these top tips from our Electronic Banking Specialists to help reduce security threats:

  1. Never share log in IDs and passwords. Each individual user under the business should have a separate log in and password, even seasonal or temporary employees.
  1. Delete inactive/dormant profiles. Remove inactive users, whether former employees or accountants. In Merchants Bank Online Banking, you can make these kinds of updates through the Preferences tab. Set a reminder on your calendar to review this access at least once a quarter.
  2. Never have your browser or phone remember passwords. Always type in your password. While it may seem a bit inconvenient at times, it greatly increases the security of your account information.

    Think about where you’ll be doing business online this holiday season: buying inventory, packing supplies, postage and shipping; processing your employee’s payroll or holiday bonuses or paying for seasonal marketing materials and campaigns. You’ll want to minimize the risk to your account and business information if any of these companies are compromised during the holidays season.

  3. If logging in on a mobile device, be sure your phone or tablet is password protected. In case your device is lost or stolen – which could happen at one of those holiday parties or events you’ll be attending – you don’t want the fraudster to have access to information you have on your device.
  4. Be sure to keep contact information up to date for yourself and other users. It’s very frustrating to request a password reset and not receive it due to a bad email address. To update your information with Merchants Bank, give us a call.

Bonus Tip for Business Online Banking Supervisors and Business Owners: Before the end of the year, review your company users, checking what access they have to which accounts. Also, review debit cards the account may have opened and close any cards that are no longer used. Both of these quick reviews will help reduce fraud on business accounts.

Once you’ve taken this steps to secure your business account, rest assured that you have one less thing to worry about during the holidays. Wishing you a successful fourth quarter!

To learn more about our Online and Mobile business banking options, click on the appropriate link below:

Protect Your Identity During the Holidays or Any Time of Year

CardProtectionApps-Blog

It’s important to take steps to protect your personal identity, especially during the holiday shopping season. Let’s work together to help keep your information safe.

Use Our Free Fraud Tools

Your security is top of mind at Merchants Bank. We have a number of ways to help you protect yourself with our SecurLock Equip app for your Merchants Bank credit card and My Mobile Money app for our debit card. These apps are very similar.

With SecurLock or My Mobile Money you can:

  • Turn your Merchants Bank credit card or debit card on and off.
  • Control where your credit card or debit card can be used.
  • Receive automatic notifications about possible fraud and take action.

More on SecurLock and My Mobile Money can be found on our website.

Plus, if you use Merchants Online Banking, consider using the “Alerts” functions to monitor activity. To set up automatic alerts, follow the steps outlined in our video tutorial. Alerts can be sent to an email address or via text message.

Best Practices to Use When Shopping Online During the Holidays:

  • Change your passwords often. Use a mixture of numbers, letters and special characters. Don’t use the same passwords for multiple accounts.
  • Be suspicious. Thieves will use calls or emails to trick you into sharing passwords, social security numbers, etc. If you don’t recognize the caller or email, don’t reply.
  • Don’t click on links in emails from your credit card companies, investment companies or banks that would have you update account information. Remember, Merchants Bank will never ask you to update your personal information via a link in an email. When suspicious, call the company at a number you confirmed in a separate source, like a phone book or prior statement.
  • Make a fraud kit. Keep a list of your credit and debit cards, account numbers, expiration dates and customer service of fraud department telephone numbers in a secure place.
  • Read through your credit card bills. If you see a charge you don’t recognize, call and get the charge reversed.
  • Don’t use the “remember password” option. It makes it easier for someone to access your accounts.
  • Do NOT keep a list of passwords in an unprotected document on your devices or written down in an unsecure place.
  • Never save your credit card number online. If that site gets breached, you are at risk. Enter your information each time you make a purchase.

If you’re traveling or spending the winter somewhere else, let us know by contacting your local Customer Service Representative so we can make sure you have the best service.

If you make purchases in a state or country where you don’t normally use your Merchants Bank debit or credit card, we may think these transactions are fraudulent unless we know otherwise. Let us know the dates of your trip, your travel locations and how we may be able to contact you.

If you have additional questions, please contact us. We’re happy to help.

 

 

 

 

3 Essential Small Business Security Practices

SecurityPracticesWithKerriBronk-Blog

Keeping your business protected from fraud and security threats can feel like an overwhelming job. One place to start is by focusing on internal controls that help keep your business’s financial information more secure. Our Security Officer, Kerri Bronk, recommends putting the following three internal controls into practice and reviewing them regularly.

“The idea is to have a combination of different types of security checks and balances in place – and to make sure you keep them up-to-date,” said Kerri. “These simple internal controls can really have an impact on how secure your business information can be.”

Authorized Account Signers

A small business may want to have a few people listed on a financial account as an authorized signer. This can vary by business but may include the owners, an office manager or bookkeeper.

Kerri advises, “[a]uthorized account signers have access to some of the essential functions of your financial account, so you want to make sure this type of access is only granted when necessary.”

 FAQs about Authorized Signers

  • What can an authorized account signer do? An authorized signer is different from an account owner (who has complete control over a financial account). In regards to a checking or saving account, for example, a signer can make withdrawals, sign checks and access some account information.
  • How many authorized account signers can I have? There is no limit. However, the more individuals who have access, the more risk you’re taking.
  • How often should I review this access? On an annual basis or when you’ve had an employment change in your executive management team or accounting/payroll staff.
  • How do I make changes to authorized account signers? Changes to authorized signer need to be done in person at a Merchants Bank location. Contact your Customer Service Representative to make an appointment.

Authorized Cardholders

You might like to have the option for several people to make business purchases with a debit or credit card. This is where authorized cardholders come in.

FAQs about Authorized Cardholders

  • What can an authorized cardholder do? An authorized cardholder can use a debit or credit card tied to your business account to make purchases and get cash from an ATM. You can set spending limits per card user to help keep spending in check.
  • Does the authorized cardholder need to be a signer on the account? No, you can give a person access to a card without having other signing abilities.
  • How many authorized cardholders can I have? There is not a set limit to the number, but again the more access, the harder it will be to track spending.
  • How often should I review this access? Who has access to business debit and credit cards should be reviewed more frequently. We’d recommend making updates to your authorized cardholders each quarter or when you have staffing changes.
  • How do I make changes to authorized card holders? For both your Merchants Bank debit or credit cards, stop into your local Merchants Bank location for assistance.

Access to Account Information

Knowing who has access to your business account information and keeping the number of people to a minimum is one of the best ways to avoid a security or fraud threat.

Considering that small or mid-sized businesses lost a median amount of $289,864 to employee funds theft in 2017, it’s critical to thoughtfully review who should have access to this information.*

FAQs about Account Access

  • What kind of information can I give employees access to? You can select the level of information you want an employee to receive from paper statements to viewing accounts in Online & Mobile Banking or credit card transactions through mycardstatement.com. You can also use our mobile card controls – Card Valet for debit cards and SecurLock Equip for credit cards – to have alerts on card spending.
  • How many people can have this access? This varies by solution, please ask at your local Merchants Bank location.
  • How often should I review this access? It’s extremely important to stay current with account access. This should be updated immediately when staff join or leave your business.
  • How do I make changes to who has access to my account information?
    • Statements: Contact your local Merchants Bank location for assistance.
    • Business Online & Mobile Banking: Once you have set up your Business Online Banking account with you as the owner, you can add or remove secondary users and define account access or transactions limits per user at your convenience. If you have any questions or need help with user setup, just contact our Electronic Banking Department (ibsupport@merchantsbank.com or (866) 496-0522).
    • mycardstatement.com: Contact your local Merchants Bank location for assistance.

“My last tip regarding internal controls is to ensure that no single employee has access to all the financial aspects of your business,” said Kerri. “For example, you want to make sure that employees who can pay business expenses with a business credit card are not the same employees who pay the credit card bill.”

Just remember that Merchants Bank is always here to help. If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank location and ask to speak to your Treasury Management Specialist or a Customer Service Representative.

 

*https://www.hiscox.com/documents/2017-Hiscox-Embezzlement-Study.pdf

Top Business Fraud Updates – April 2018

FraudPrevention-Blog

Please review our most recent fraud alerts and security reminders to help protect your business.

Email Spoofing On the Rise

Our business customers have reported an increase in email spoofing scams. Fraudsters are posing as a customer or employee of the business and sending an email to the business asking for a wire transfer or ACH payment. Only after completing the wire transfer have businesses found out that they were dealing with fraudsters and not their actual customers or employees.

Before you complete transactions to your customers, make sure to verify who you are speaking with over the phone or through an email through a secondary source. Call your customer directly through a phone number you have verified. When working with customers via email, remember to look at both names and email addresses for consistency. If you notice anything suspicious, take the extra time to make sure both your business and your customer’s information is safe. When in doubt – check it out and verify.

Directory Listings Scam

Have you been contacted by someone wanting to verify or confirm your business information for a directory listing? Be cautious. Scammers have been calling business claiming to be able to help them with their online directory listings for a fee. In the end, the business is out the money and their information was verified for a directory listing that doesn’t exist. To avoid falling for this scam, make sure to verify who you are speaking to and confirm the phone number through a third party, like the phone book or Yellow pages. Read more details about this scam here.*

Steps to Take Now to Prevent Fraud

Here are three simple things you can do now to prevent fraud on your business accounts. We recommend:

  • Checking your business bank accounts daily for fraudulent transactions. If you are suspicious of a transaction, contact the Bank immediately.
  • Using a fraud transaction detection service, such as Positive Pay, to help you prevent fraudulent checks and transactions from hitting your account.
  • Using our free debit and credit card security apps to track and review all of your transactions immediately. Learn more about My Mobile Money for your business debit card and SecurLock Equip for your business credit card.

Protect Your Business from Cyber Attacks

This tip is part of the FCC’s top ten cyber security tips for small businesses. Protecting and cleaning any computer that handles business information or touches your network is a must. One of the best defenses against online threats is making sure you have the latest security software, web browser and operating system in place too. You can set each of these to automatically install when a new software update is available. In addition, your antivirus software can run a scan after each update to ensure your machines are adequately protected. Take half an hour to check your settings and update your software now. Get more tips here.*

Consider Security First

Use this guide from the FTC to create a security first approach to your business. This in-depth article gives you-step-by-step best practices for protecting sensitive information your business may handle. Read the FTC’s Start with Security Guide now.*

Next Steps If You Have a Security Concern

If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank and ask to speak to your Cash Management Specialist or a Customer Service Representative.

 

*You will be linking to another website not owned or operated by Merchants Bank, NA. Merchants Bank, NA is not responsible for the availability or content of this website and does not represent either the linked website or you, should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Merchants Bank, NA.

Cell Phone Porting Fraud: Check Your Phone

Shot of a businesswoman using technology at work

Fraudsters are getting names, phone numbers and other personal identifiable information of real people and transferring their phone number to a different cell phone service provider. They pose as the victim and report the phone lost to the current provider and request the number be transferred (or “ported”) to a device with a different cellular service provider. Once they do this they can find where the victim may have bank accounts, click a “forgot password” link and request a password change code be sent to the stolen phone number via text message, now directed to their device. Then they can change their account’s password and can then access and manipulate those accounts.

What to watch for:

If your phone suddenly loses service, switches to “Emergency Calls Only,” receives any alert messages or unexpected text messages in regards to authenticating an action you did not request, notify your cellular service provider and financial institution immediately.

Take action to protect yourself:

You can take action against cell phone porting (or “port-out”) fraud by contacting your cell phone service provider. Ask them about their porting/port-out security and request they ask for security verification (that you would set up) when action is requested for your account.

Important Tax Fraud Alert

Tax Fraud

Just days into the start of the 2018 filing season, the IRS identified a new scam in which cybercriminals have stolen client data from tax professionals and filed fraudulent refunds using real taxpayer information, including bank account and routing information for direct deposit.

The fraudster then contacts the taxpayer posing as an employee of a debt collection agency working on behalf of the IRS. They ask the taxpayer to take certain steps to return the refund, but actually, the refund goes to the criminals.

If you have been the victim of this tax fraud scam, please contact a Merchants Bank Customer Service Representative for assistance. The IRS also asks the taxpayers to call the IRS toll-free at (800) 829-1040 (individual) or (800) 829-4933 (business) to explain why the direct deposit is being returned.

There is more information for taxpayers at Tax Topic Number: 161 – Returning an Erroneous Refund

Information reposted at the request of the Federal Reserve Banks on behalf of the Department of the Treasury’s Bureau of the Fiscal Service.