3 Essential Small Business Security Practices

SecurityPracticesWithKerriBronk-Blog

Keeping your business protected from fraud and security threats can feel like an overwhelming job. One place to start is by focusing on internal controls that help keep your business’s financial information more secure. Our Security Officer, Kerri Bronk, recommends putting the following three internal controls into practice and reviewing them regularly.

“The idea is to have a combination of different types of security checks and balances in place – and to make sure you keep them up-to-date,” said Kerri. “These simple internal controls can really have an impact on how secure your business information can be.”

Authorized Account Signers

A small business may want to have a few people listed on a financial account as an authorized signer. This can vary by business but may include the owners, an office manager or bookkeeper.

Kerri advises, “[a]uthorized account signers have access to some of the essential functions of your financial account, so you want to make sure this type of access is only granted when necessary.”

 FAQs about Authorized Signers

  • What can an authorized account signer do? An authorized signer is different from an account owner (who has complete control over a financial account). In regards to a checking or saving account, for example, a signer can make withdrawals, sign checks and access some account information.
  • How many authorized account signers can I have? There is no limit. However, the more individuals who have access, the more risk you’re taking.
  • How often should I review this access? On an annual basis or when you’ve had an employment change in your executive management team or accounting/payroll staff.
  • How do I make changes to authorized account signers? Changes to authorized signer need to be done in person at a Merchants Bank location. Contact your Customer Service Representative to make an appointment.

Authorized Cardholders

You might like to have the option for several people to make business purchases with a debit or credit card. This is where authorized cardholders come in.

FAQs about Authorized Cardholders

  • What can an authorized cardholder do? An authorized cardholder can use a debit or credit card tied to your business account to make purchases and get cash from an ATM. You can set spending limits per card user to help keep spending in check.
  • Does the authorized cardholder need to be a signer on the account? No, you can give a person access to a card without having other signing abilities.
  • How many authorized cardholders can I have? There is not a set limit to the number, but again the more access, the harder it will be to track spending.
  • How often should I review this access? Who has access to business debit and credit cards should be reviewed more frequently. We’d recommend making updates to your authorized cardholders each quarter or when you have staffing changes.
  • How do I make changes to authorized card holders? For both your Merchants Bank debit or credit cards, stop into your local Merchants Bank location for assistance.

Access to Account Information

Knowing who has access to your business account information and keeping the number of people to a minimum is one of the best ways to avoid a security or fraud threat.

Considering that small or mid-sized businesses lost a median amount of $289,864 to employee funds theft in 2017, it’s critical to thoughtfully review who should have access to this information.*

FAQs about Account Access

  • What kind of information can I give employees access to? You can select the level of information you want an employee to receive in Small Business Online Banking or Commercial Online Banking or credit card transactions through mycardstatement.com. You can also use our mobile card controls – Card Valet for debit cards and SecurLock Equip for credit cards – to have alerts on card spending.
  • How many people can have this access? This varies by solution, please ask at your local Merchants Bank location.
  • How often should I review this access? It’s extremely important to stay current with account access. This should be updated immediately when staff join or leave your business.
  • How do I make changes to who has access to my account information?
    • Statements: Contact your local Merchants Bank location for assistance.
    • Small Business Online Banking and Commercial Online Banking: Once you have set up your account with you as the owner, you can add or remove secondary users and define account access per user at your convenience.

      If you have any questions or need help with user setup, contact our Electronic Banking Department (ibsupport@merchantsbank.com or (866) 496-0522) for Small Business Online Banking or Treasury Management Support for Commercial Online Banking (commercialonline@merchantsbank.com or (833) 694-2374).

    • mycardstatement.com: Contact your local Merchants Bank location for assistance.

“My last tip regarding internal controls is to ensure that no single employee has access to all the financial aspects of your business,” said Kerri. “For example, you want to make sure that employees who can pay business expenses with a business credit card are not the same employees who pay the credit card bill.”

Just remember that Merchants Bank is always here to help. If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank location and ask to speak to your Treasury Management Specialist or a Customer Service Representative.

 

*https://www.hiscox.com/documents/2017-Hiscox-Embezzlement-Study.pdf

Cell Phone Porting Fraud: Check Your Phone

Shot of a businesswoman using technology at work

Fraudsters are getting names, phone numbers and other personal identifiable information of real people and transferring their phone number to a different cell phone service provider. They pose as the victim and report the phone lost to the current provider and request the number be transferred (or “ported”) to a device with a different cellular service provider. Once they do this they can find where the victim may have bank accounts, click a “forgot password” link and request a password change code be sent to the stolen phone number via text message, now directed to their device. Then they can change their account’s password and can then access and manipulate those accounts.

What to watch for:

If your phone suddenly loses service, switches to “Emergency Calls Only,” receives any alert messages or unexpected text messages in regards to authenticating an action you did not request, notify your cellular service provider and financial institution immediately.

Take action to protect yourself:

You can take action against cell phone porting (or “port-out”) fraud by contacting your cell phone service provider. Ask them about their porting/port-out security and request they ask for security verification (that you would set up) when action is requested for your account.

Fraud and Scam Updates for May

Fraud-Blog

Review our most recent fraud alerts and updates to help keep your personal information secure. Want to be automatically updated about recent scams and fraud? Sign up for our Alerts emails here: http://bit.ly/1G1dF0n

Internal Revenue Service Scam

Some of our customers have fallen for a recent scam involving fraudsters posing as employees from the Internal Revenue Service (IRS). The fraudster will call you – stating to be an Internal Revenue Service employee – and claim you owe back taxes, which can be paid via wire transfer.

The truth is that the IRS does not use phone calls to make personal contacts. If the IRS wants to contact you, they will send a letter first. If you receive a phone call from an individual claiming to be from the IRS, it is a scam. For more information on how and when the IRS might contact you, see these two articles from the Federal Trade Commission:

Check Fraud

Merchants has recently seen an increase in fraudulent checks. Customers have fallen for some “too good to be true” scenarios including being asked to be a secret shopper for a fake business or receiving a winnings check in the mail from a drawing they did not enter. When you receive a check, make sure to consider where it came from.

Some questions to ask yourself:

  • Did I recently enter any contests or drawings where I could win money?
  • Can I verify the information on the check through a third-party? For example, can you confirm a person’s contact information through the phone book? Or confirm a business’s information through an online directory like the Yellow Pages?
  • Does it sound too good to be true?

Be a skeptic. If the situation doesn’t sound right, it’s time to do some more investigating before depositing that check. For more information, read this article on check fraud from the Federal Trade Commission.

Next Steps If You’ve Experienced Fraud

If you think your bank account information has been compromised or you are a victim of identity theft, contact your local Merchants Bank and ask to speak to a Customer Service Representative.