3 Essential Small Business Security Practices

SecurityPracticesWithKerriBronk-Blog

Keeping your business protected from fraud and security threats can feel like an overwhelming job. One place to start is by focusing on internal controls that help keep your business’s financial information more secure. Our Security Officer, Kerri Bronk, recommends putting the following three internal controls into practice and reviewing them regularly.

“The idea is to have a combination of different types of security checks and balances in place – and to make sure you keep them up-to-date,” said Kerri. “These simple internal controls can really have an impact on how secure your business information can be.”

Authorized Account Signers

A small business may want to have a few people listed on a financial account as an authorized signer. This can vary by business but may include the owners, an office manager or bookkeeper.

Kerri advises, “[a]uthorized account signers have access to some of the essential functions of your financial account, so you want to make sure this type of access is only granted when necessary.”

 FAQs about Authorized Signers

  • What can an authorized account signer do? An authorized signer is different from an account owner (who has complete control over a financial account). In regards to a checking or saving account, for example, a signer can make withdrawals, sign checks and access some account information.
  • How many authorized account signers can I have? There is no limit. However, the more individuals who have access, the more risk you’re taking.
  • How often should I review this access? On an annual basis or when you’ve had an employment change in your executive management team or accounting/payroll staff.
  • How do I make changes to authorized account signers? Changes to authorized signer need to be done in person at a Merchants Bank location. Contact your Customer Service Representative to make an appointment.

Authorized Cardholders

You might like to have the option for several people to make business purchases with a debit or credit card. This is where authorized cardholders come in.

FAQs about Authorized Cardholders

  • What can an authorized cardholder do? An authorized cardholder can use a debit or credit card tied to your business account to make purchases and get cash from an ATM. You can set spending limits per card user to help keep spending in check.
  • Does the authorized cardholder need to be a signer on the account? No, you can give a person access to a card without having other signing abilities.
  • How many authorized cardholders can I have? There is not a set limit to the number, but again the more access, the harder it will be to track spending.
  • How often should I review this access? Who has access to business debit and credit cards should be reviewed more frequently. We’d recommend making updates to your authorized cardholders each quarter or when you have staffing changes.
  • How do I make changes to authorized card holders? For both your Merchants Bank debit or credit cards, stop into your local Merchants Bank location for assistance.

Access to Account Information

Knowing who has access to your business account information and keeping the number of people to a minimum is one of the best ways to avoid a security or fraud threat.

Considering that small or mid-sized businesses lost a median amount of $289,864 to employee funds theft in 2017, it’s critical to thoughtfully review who should have access to this information.*

FAQs about Account Access

  • What kind of information can I give employees access to? You can select the level of information you want an employee to receive from paper statements to viewing accounts in Online & Mobile Banking or credit card transactions through mycardstatement.com. You can also use our mobile card controls – My Mobile Money for debit cards and SecurLock Equip for credit cards – to have alerts on card spending.
  • How many people can have this access? This varies by solution, please ask at your local Merchants Bank location.
  • How often should I review this access? It’s extremely important to stay current with account access. This should be updated immediately when staff join or leave your business.
  • How do I make changes to who has access to my account information?
    • Statements: Contact your local Merchants Bank location for assistance.
    • Business Online & Mobile Banking: Once you have set up your Business Online Banking account with you as the owner, you can add or remove secondary users and define account access or transactions limits per user at your convenience. If you have any questions or need help with user setup, just contact our Electronic Banking Department (ibsupport@merchantsbank.com or (866) 496-0522).
    • mycardstatement.com: Contact your local Merchants Bank location for assistance.

“My last tip regarding internal controls is to ensure that no single employee has access to all the financial aspects of your business,” said Kerri. “For example, you want to make sure that employees who can pay business expenses with a business credit card are not the same employees who pay the credit card bill.”

Just remember that Merchants Bank is always here to help. If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank location and ask to speak to your Cash Management Specialist or a Customer Service Representative.

 

*https://www.hiscox.com/documents/2017-Hiscox-Embezzlement-Study.pdf

Top Business Fraud Updates – April 2018

FraudPrevention-Blog

Please review our most recent fraud alerts and security reminders to help protect your business.

Email Spoofing On the Rise

Our business customers have reported an increase in email spoofing scams. Fraudsters are posing as a customer or employee of the business and sending an email to the business asking for a wire transfer or ACH payment. Only after completing the wire transfer have businesses found out that they were dealing with fraudsters and not their actual customers or employees.

Before you complete transactions to your customers, make sure to verify who you are speaking with over the phone or through an email through a secondary source. Call your customer directly through a phone number you have verified. When working with customers via email, remember to look at both names and email addresses for consistency. If you notice anything suspicious, take the extra time to make sure both your business and your customer’s information is safe. When in doubt – check it out and verify.

Directory Listings Scam

Have you been contacted by someone wanting to verify or confirm your business information for a directory listing? Be cautious. Scammers have been calling business claiming to be able to help them with their online directory listings for a fee. In the end, the business is out the money and their information was verified for a directory listing that doesn’t exist. To avoid falling for this scam, make sure to verify who you are speaking to and confirm the phone number through a third party, like the phone book or Yellow pages. Read more details about this scam here.*

Steps to Take Now to Prevent Fraud

Here are three simple things you can do now to prevent fraud on your business accounts. We recommend:

  • Checking your business bank accounts daily for fraudulent transactions. If you are suspicious of a transaction, contact the Bank immediately.
  • Using a fraud transaction detection service, such as Positive Pay, to help you prevent fraudulent checks and transactions from hitting your account.
  • Using our free debit and credit card security apps to track and review all of your transactions immediately. Learn more about My Mobile Money for your business debit card and SecurLock Equip for your business credit card.

Protect Your Business from Cyber Attacks

This tip is part of the FCC’s top ten cyber security tips for small businesses. Protecting and cleaning any computer that handles business information or touches your network is a must. One of the best defenses against online threats is making sure you have the latest security software, web browser and operating system in place too. You can set each of these to automatically install when a new software update is available. In addition, your antivirus software can run a scan after each update to ensure your machines are adequately protected. Take half an hour to check your settings and update your software now. Get more tips here.*

Consider Security First

Use this guide from the FTC to create a security first approach to your business. This in-depth article gives you-step-by-step best practices for protecting sensitive information your business may handle. Read the FTC’s Start with Security Guide now.*

Next Steps If You Have a Security Concern

If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank and ask to speak to your Cash Management Specialist or a Customer Service Representative.

 

*You will be linking to another website not owned or operated by Merchants Bank, NA. Merchants Bank, NA is not responsible for the availability or content of this website and does not represent either the linked website or you, should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Merchants Bank, NA.

Cell Phone Porting Fraud: Check Your Phone

Shot of a businesswoman using technology at work

Fraudsters are getting names, phone numbers and other personal identifiable information of real people and transferring their phone number to a different cell phone service provider. They pose as the victim and report the phone lost to the current provider and request the number be transferred (or “ported”) to a device with a different cellular service provider. Once they do this they can find where the victim may have bank accounts, click a “forgot password” link and request a password change code be sent to the stolen phone number via text message, now directed to their device. Then they can change their account’s password and can then access and manipulate those accounts.

What to watch for:

If your phone suddenly loses service, switches to “Emergency Calls Only,” receives any alert messages or unexpected text messages in regards to authenticating an action you did not request, notify your cellular service provider and financial institution immediately.

Take action to protect yourself:

You can take action against cell phone porting (or “port-out”) fraud by contacting your cell phone service provider. Ask them about their porting/port-out security and request they ask for security verification (that you would set up) when action is requested for your account.

Important Tax Fraud Alert

Tax Fraud

Just days into the start of the 2018 filing season, the IRS identified a new scam in which cybercriminals have stolen client data from tax professionals and filed fraudulent refunds using real taxpayer information, including bank account and routing information for direct deposit.

The fraudster then contacts the taxpayer posing as an employee of a debt collection agency working on behalf of the IRS. They ask the taxpayer to take certain steps to return the refund, but actually, the refund goes to the criminals.

If you have been the victim of this tax fraud scam, please contact a Merchants Bank Customer Service Representative for assistance. The IRS also asks the taxpayers to call the IRS toll-free at (800) 829-1040 (individual) or (800) 829-4933 (business) to explain why the direct deposit is being returned.

There is more information for taxpayers at Tax Topic Number: 161 – Returning an Erroneous Refund

Information reposted at the request of the Federal Reserve Banks on behalf of the Department of the Treasury’s Bureau of the Fiscal Service.

Fraud and Scam Updates – February 2018

FraudAlertsUpdates-Blog.png

Review our most recent fraud alerts and updates to help keep your personal information secure. Want to be automatically updated about recent scams and fraud? Sign up for our Alerts emails here.

Computer Pop Up Scam

Have you heard of this scam? You are on your computer when a pop-up warns that your computer is compromised. If you don’t act now, your computer will crash. Offering to help, a scammer dials into your computer to try “fix” the issue, meanwhile gleaming your personal information. Sometimes, the scammers require a payment to “fix” the computer. In the end, the scammers have what they wanted all along, the personal information they got off your computer and now your credit card information you used to pay them. Please be on the lookout for this scam to protect your private information.

Stolen Mail

Our customers have reported an increase in stolen mail, including people who use their mailbox for outgoing mail.

We’d like to remind all customers to be cautious when sending or receiving personal information, bank account information or checks through the mail. If you’re expecting something to arrive and it doesn’t, check on it – balance your checkbook to make sure all checks clearing your account are for the amount you issued. If you are sending checks through the mail, consider putting your mail in a United States Postal Service Collection Box or take it to the Post Office.

Sharing Login Credentials

It’s never a good idea to share your login credentials, or any private information, with anyone, even people you know or think you know. This tip is especially important to remember when you’re talking to someone over the phone on a call you did not initiate. Please remember that Merchants Bank will never ask for your personal information unless you have previously initiated a conversation with us about your accounts or an application.

Family Emergency Scam

Merchants has recently seen an increase in imposter scams. Customers have almost fallen for some emergency scams, including being asked by a fraudster posing as a relative to send money for bail. If you’re asked to send money in an emergency situation, verify the true location of your friend or relative before responding – even if the person you’re talking to sounds like someone in your family.

Be a skeptic. If the situation doesn’t sound right, it’s time to do some more investigating. If you have doubts, just call or come in to discuss the situation with us. We’re here to help.

Next Steps If You’ve Experienced Fraud

If you notice fraud on your statement, be sure to contact us within 60 days from the date your statement was issued. In most cases, if the fraud is reported within 60 days we have a better chance of resolving the issue. After 60 days from the statement’s issue date, there is nothing we can do to retrieve the lost funds.

If you think your bank account information has been compromised or you are a victim of identity theft, contact your local Merchants Bank and ask to speak to a Customer Service Representative.

Top Business Fraud Updates – January 2018

FraudPrevention-Blog

Please review our most recent fraud alerts and security reminders to help protect your business.

Stolen Business Checks

Fraudsters are using stolen checks from local businesses to make purchases. To prevent your business from losing money due to stolen checks, we recommend:

  • Checking your business bank accounts daily for fraudulent transactions. If you are suspicious of a transaction, contact the Bank immediately.
  • Using a fraud transaction detection service, such as Positive Pay, to help you prevent these checks from hitting your account.

The sooner you can notify the Bank of a fraudulent transaction, the more we can do to help you. Dedicating time to review your accounts regularly can definitely help keep your business more secure.

Lessons to Learn from Uber Hack

You may have heard about the hack and attempted cover-up at Uber that has recently surfaced in the news. The personal information of more than 57 million customers and 600,000 drivers was stolen in a data breach in October 2016. The company then paid the hackers $100,000 to delete the data and keep quiet. What can we learn from this series of events?

First and foremost, it’s important to create a plan for how your company will handle cybersecurity breaches. Simply thinking, “it won’t happen to us” is hardly an option in today’s tech-savvy world. Being prepared beforehand can help you take the right steps if something happens. The FCC provides a free guide, called CyberPlanner*, to help small businesses create cyber plans.

Train Employees on Security Principles

This tip from the FCC* is an important reminder of the role your employees play in protecting your business from security threats. It’s important to establish basic security practices and policies for employees, such as requiring strong passwords and establish appropriate Internet use guidelines, that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

Next Steps If You Have a Security Concern

If you think your business bank account information has been compromised or you have a security concern, contact your local Merchants Bank and ask to speak to your Cash Management Specialist or a Customer Service Representative.

 

*You will be linking to another website not owned or operated by Merchants Bank, NA. Merchants Bank, NA is not responsible for the availability or content of this website and does not represent either the linked website or you, should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Merchants Bank, NA.

Protect Your Identity During the Holidays or Any Time of Year

CardProtectionApps-Blog

The importance of protecting your personal identity became clearer with the recent Equifax data breach where the personal information of more than 143 million Americans was compromised. If you haven’t checked yet, you can still do so at http://www.equifaxsecurity2017.com and clicking “Am I Impacted?” If you have more questions, feel free to call us.

Let Merchants Bank Make Sure You Have the Right Tools

Your security is top of mind at Merchants Bank. We have a number of ways to help you protect yourself with our SecurLock Equip app for your Merchants Bank credit card and My Mobile Money app for our debit card. These apps are very similar.

With SecurLock or My Mobile Money you can:

  • Turn your Merchants Bank credit card or debit card on and off.
  • Control where your credit card or debit card can be used.
  • Receive automatic notifications about possible fraud and take action.

More on SecurLock and My Mobile Money can be found on our website.

Plus, if you use Merchants Online Banking, consider using the “Alerts” functions to monitor activity. To set up automatic alerts, follow the steps outlined in our video tutorial. Alerts can be sent to an email address or via text message.

Best Practices to Use When Shopping Online During the Holidays:

  • Change your passwords often. Use a mixture of numbers, letters and special characters. Don’t use the same passwords for multiple accounts.
  • Be suspicious. Thieves will use calls or emails to trick you into sharing passwords, social security numbers, etc. If you don’t recognize the caller or email, don’t reply.
  • Don’t click on links in emails from your credit card companies, investment companies or banks that would have you update account information. Remember, Merchants Bank will never ask you to update your personal information via a link in an email. When suspicious, call the company at a number you confirmed in a separate source, like a phone book or prior statement.
  • Make a fraud kit. Keep a list of your credit and debit cards, account numbers, expiration dates and customer service of fraud department telephone numbers in a secure place.
  • Read through your credit card bills. If you see a charge you don’t recognize, call and get the charge reversed.
  • Don’t use the “remember password” option. It makes it easier for someone to access your accounts.
  • Do NOT keep a list of passwords in an unprotected document on your devices or written down in an unsecure place.
  • Never save your credit card number online. If that site gets breached, you are at risk. Enter your information each time you make a purchase.

If you’re traveling or spending the winter somewhere else, let us know by contacting your local Customer Service Representative so we can make sure you have the best service.

If you make purchases in a state or country where you don’t normally use your Merchants Bank debit or credit card, we may think these transactions are fraudulent unless we know otherwise. Let us know the dates of your trip, your travel locations and how we may be able to contact you.

If you have additional questions, please contact us. We’re happy to help.