How to Tell if a Website is Legitimate

Computer Security

If you’re one of the 209.6 million Americans who shop online,* it’s important to take steps to verify the legitimacy of a company website before placing an order. Here are five tips to help you determine if a website is legitimate.

1. Can you easily find the company’s full contact information?

You should be able to locate the business’s full name, physical address, telephone number and email address. In addition, if you call the telephone number listed, make sure you can reach a live person who can verify details about the business.

Red Flag = You cannot find the company’s contact information.

2. Is there a Terms and Conditions web page?

Find the Terms and Conditions page on the website and read it carefully to understand company products, return policies and more.

Red Flag = You cannot find the company’s Terms and Conditions page.

3. Does the site accept secure payments?

If the company wants to accept secure payments with a credit card, they must use SSL security which properly encrypts your payment and personal information. Websites with SSL security have a website address that begins with “https” instead of “http.” For example, https://www.merchantsbank.com.

Red Flag = The company’s site does not accept secure payments.

4. Is the site design and information professional?

Review the site for typos, errors, misspellings, stolen images and more.

Red Flag = The company’s site contains any of the above.

5. What happens when you Google search the company’s name?

Type the company name into Google and read related customer reviews, feedback and articles.

Red Flag = Bad feedback or customer experiences.

Visit the FTC Consumer website for information on current website scams.

*http://www.statista.com/statistics/183755/number-of-us-internet-shoppers-since-2009/

 

Meet Becky Zoellner, Cash Management Specialist

 

ZoellnerBecky

Get to know Becky Zoellner, one of our Cash Management Specialists. At Merchants, we offer a variety of Cash Management services to help businesses improve efficiency, security and more. Our options include tools for collection, disbursement, security and management.

When did you start your banking career?

Becky: I started my banking career in 2009. When I started in banking, I did not plan on it being my career.  However, it wasn’t even a year and I realized I had a passion for working with customers on each of their unique financial situations that brought them into the bank.

What do you like most about your job?

Becky: Every business is very unique.  My favorite part of my job is working with my customers to understand their business. I want to understand where they’re looking to grow and figuring out their strengths and weaknesses and developing a cash flow plan that fits their specific needs. In addition to learning about my customers’ businesses, I enjoy sharing my knowledge of cash management.  You don’t need to be an expert in cash management, that’s my job, but I want you to feel comfortable and have a good understanding of solutions available to help meet your business goals.  

Can you help businesses assess which cash management services make sense for them? How does this process work?

Becky: Absolutely.  I like to talk to owners and managers, preferably within their work environment.  I want to learn about the business and its processes.  What works well?  Where are the struggles?  From there, we can talk about cash management services that can help along with putting together a plan of how to implement them. 

What does community banking mean to you?

Becky: Community bankers take the time to get to know you and your business.  As a community, we’re all working together towards being the best for ourselves and all those around us. I was drawn to a community bank because I firmly believe in having strong, service-oriented values. The most important thing for me is to be able to give customers my best service and that of my team of co-workers.

What are some of the biggest benefits to a business using Cash Management services?

Becky: With cash management services, you get control and understanding of your account activity. The various products and services help with maximizing cash flow and monitoring for fraudulent activity. 

What are your tips for wrapping up your fiscal year?

Becky: Use a trusted expert. My expertise is cash management, your expertise is in your industry and a CPA has expertise in tax law. We have experts so that we know these very important business functions are done correctly. Also, early on, write your financial goals for the next year down! Many individuals and businesses forget that step, but it is so important. After you have your goals defined, writing down a concrete plan to reach those goals is just as important. As the year goes on, set aside time to analyze your progress and see if any adjustments need to be made and what needs to be done to reach those goals.

What do you do to work with businesses around year end?

Becky: Year end is a good time to think about successes and where there are opportunities for improvement.  I’m generally busy meeting with businesses on how to obtain their goals for the following year. Questions I usually ask are:

  • Do you want your staff to be more efficient with their time?  Remote deposit capture will allow your staff to make deposits right at their desk.
  • Are you looking to improve cash flow?  Processing receivables and payables through ACH will provide a better handle on when funds are crediting and debiting your account.
  • What are you doing to ensure your business isn’t faced with the consequences of fraud?  Let’s talk about how our online banking can assist with separation of duties and how ACH Filters and Positive Pay can assist you with daily activity monitoring. And the list goes on.

If you could snap your fingers and own your own business, what would you want it to be?

Becky: I would love to be a travel consultant because I would assume it would require me to travel more!

What’s your favorite thing about supporting local business?

Becky: I love that local businesses genuinely care about their customers’ experience, and that makes it feel like you’re supporting a friend.  Who doesn’t love that?    

 

If you are interested in finding out how your business could benefit from cash management services, contact one of our Cash Management Specialists.

 

Some Cash Management services may have fees that apply.

3 Essential Small Business Security Practices

SecurityPracticesWithKerriBronk-Blog

Keeping your business protected from fraud and security threats can feel like an overwhelming job. One place to start is by focusing on internal controls that help keep your business’s financial information more secure. Our Security Officer, Kerri Bronk, recommends putting the following three internal controls into practice and reviewing them regularly.

“The idea is to have a combination of different types of security checks and balances in place – and to make sure you keep them up-to-date,” said Kerri. “These simple internal controls can really have an impact on how secure your business information can be.”

Authorized Account Signers

A small business may want to have a few people listed on a financial account as an authorized signer. This can vary by business but may include the owners, an office manager or bookkeeper.

Kerri advises, “[a]uthorized account signers have access to some of the essential functions of your financial account, so you want to make sure this type of access is only granted when necessary.”

 FAQs about Authorized Signers

  • What can an authorized account signer do? An authorized signer is different from an account owner (who has complete control over a financial account). In regards to a checking or saving account, for example, a signer can make withdrawals, sign checks and access some account information.
  • How many authorized account signers can I have? There is no limit. However, the more individuals who have access, the more risk you’re taking.
  • How often should I review this access? On an annual basis or when you’ve had an employment change in your executive management team or accounting/payroll staff.
  • How do I make changes to authorized account signers? Changes to authorized signer need to be done in person at a Merchants Bank location. Contact your Customer Service Representative to make an appointment.

Authorized Cardholders

You might like to have the option for several people to make business purchases with a debit or credit card. This is where authorized cardholders come in.

FAQs about Authorized Cardholders

  • What can an authorized cardholder do? An authorized cardholder can use a debit or credit card tied to your business account to make purchases and get cash from an ATM. You can set spending limits per card user to help keep spending in check.
  • Does the authorized cardholder need to be a signer on the account? No, you can give a person access to a card without having other signing abilities.
  • How many authorized cardholders can I have? There is not a set limit to the number, but again the more access, the harder it will be to track spending.
  • How often should I review this access? Who has access to business debit and credit cards should be reviewed more frequently. We’d recommend making updates to your authorized cardholders each quarter or when you have staffing changes.
  • How do I make changes to authorized card holders? For both your Merchants Bank debit or credit cards, stop into your local Merchants Bank location for assistance.

Access to Account Information

Knowing who has access to your business account information and keeping the number of people to a minimum is one of the best ways to avoid a security or fraud threat.

Considering that small or mid-sized businesses lost a median amount of $289,864 to employee funds theft in 2017, it’s critical to thoughtfully review who should have access to this information.*

FAQs about Account Access

  • What kind of information can I give employees access to? You can select the level of information you want an employee to receive in Small Business Online Banking or Commercial Online Banking or credit card transactions through mycardstatement.com. You can also use our mobile card controls – Card Valet for debit cards and SecurLock Equip for credit cards – to have alerts on card spending.
  • How many people can have this access? This varies by solution, please ask at your local Merchants Bank location.
  • How often should I review this access? It’s extremely important to stay current with account access. This should be updated immediately when staff join or leave your business.
  • How do I make changes to who has access to my account information?
    • Statements: Contact your local Merchants Bank location for assistance.
    • Small Business Online Banking and Commercial Online Banking: Once you have set up your account with you as the owner, you can add or remove secondary users and define account access per user at your convenience.

      If you have any questions or need help with user setup, contact our Electronic Banking Department (ibsupport@merchantsbank.com or (866) 496-0522) for Small Business Online Banking or Treasury Management Support for Commercial Online Banking (commercialonline@merchantsbank.com or (833) 694-2374).

    • mycardstatement.com: Contact your local Merchants Bank location for assistance.

“My last tip regarding internal controls is to ensure that no single employee has access to all the financial aspects of your business,” said Kerri. “For example, you want to make sure that employees who can pay business expenses with a business credit card are not the same employees who pay the credit card bill.”

Just remember that Merchants Bank is always here to help. If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank location and ask to speak to your Treasury Management Specialist or a Customer Service Representative.

 

*https://www.hiscox.com/documents/2017-Hiscox-Embezzlement-Study.pdf

Top Business Fraud Updates – April 2018

FraudPrevention-Blog

Please review our most recent fraud alerts and security reminders to help protect your business.

Email Spoofing On the Rise

Our business customers have reported an increase in email spoofing scams. Fraudsters are posing as a customer or employee of the business and sending an email to the business asking for a wire transfer or ACH payment. Only after completing the wire transfer have businesses found out that they were dealing with fraudsters and not their actual customers or employees.

Before you complete transactions to your customers, make sure to verify who you are speaking with over the phone or through an email through a secondary source. Call your customer directly through a phone number you have verified. When working with customers via email, remember to look at both names and email addresses for consistency. If you notice anything suspicious, take the extra time to make sure both your business and your customer’s information is safe. When in doubt – check it out and verify.

Directory Listings Scam

Have you been contacted by someone wanting to verify or confirm your business information for a directory listing? Be cautious. Scammers have been calling business claiming to be able to help them with their online directory listings for a fee. In the end, the business is out the money and their information was verified for a directory listing that doesn’t exist. To avoid falling for this scam, make sure to verify who you are speaking to and confirm the phone number through a third party, like the phone book or Yellow pages. Read more details about this scam here.*

Steps to Take Now to Prevent Fraud

Here are three simple things you can do now to prevent fraud on your business accounts. We recommend:

  • Checking your business bank accounts daily for fraudulent transactions. If you are suspicious of a transaction, contact the Bank immediately.
  • Using a fraud transaction detection service, such as Positive Pay, to help you prevent fraudulent checks and transactions from hitting your account.
  • Using our free debit and credit card security apps to track and review all of your transactions immediately. Learn more about My Mobile Money for your business debit card and SecurLock Equip for your business credit card.

Protect Your Business from Cyber Attacks

This tip is part of the FCC’s top ten cyber security tips for small businesses. Protecting and cleaning any computer that handles business information or touches your network is a must. One of the best defenses against online threats is making sure you have the latest security software, web browser and operating system in place too. You can set each of these to automatically install when a new software update is available. In addition, your antivirus software can run a scan after each update to ensure your machines are adequately protected. Take half an hour to check your settings and update your software now. Get more tips here.*

Consider Security First

Use this guide from the FTC to create a security first approach to your business. This in-depth article gives you-step-by-step best practices for protecting sensitive information your business may handle. Read the FTC’s Start with Security Guide now.*

Next Steps If You Have a Security Concern

If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank and ask to speak to your Cash Management Specialist or a Customer Service Representative.

 

*You will be linking to another website not owned or operated by Merchants Bank, NA. Merchants Bank, NA is not responsible for the availability or content of this website and does not represent either the linked website or you, should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Merchants Bank, NA.

Cell Phone Porting Fraud: Check Your Phone

Shot of a businesswoman using technology at work

Fraudsters are getting names, phone numbers and other personal identifiable information of real people and transferring their phone number to a different cell phone service provider. They pose as the victim and report the phone lost to the current provider and request the number be transferred (or “ported”) to a device with a different cellular service provider. Once they do this they can find where the victim may have bank accounts, click a “forgot password” link and request a password change code be sent to the stolen phone number via text message, now directed to their device. Then they can change their account’s password and can then access and manipulate those accounts.

What to watch for:

If your phone suddenly loses service, switches to “Emergency Calls Only,” receives any alert messages or unexpected text messages in regards to authenticating an action you did not request, notify your cellular service provider and financial institution immediately.

Take action to protect yourself:

You can take action against cell phone porting (or “port-out”) fraud by contacting your cell phone service provider. Ask them about their porting/port-out security and request they ask for security verification (that you would set up) when action is requested for your account.

Ransomware and Rip Van Winkle: Don’t Ever, Ever Sleep Again

This can't be right

Security Awareness Week

By Rodney Nelsestuen, Chief Information Officer

We all know the story of Rip Van Winkle who slept for 20 years and woke to find he’d missed the Revolutionary War and that society had changed dramatically. Today, poor Rip would find that a mere 20-minute nap may be enough to put him out of touch – especially when it comes to security.

This was driven home by a 2017 global attack of ransomware (aptly named Wannacry) that put hospitals, governments, and businesses on the defensive and interrupted the normal course of business on some estimated 250,000 computers in 150 countries, including the US. This event was one of the first to have a large-scale global reach and one which cost those who were attacked an estimated $3 billion dollars. Moreover, the success of Wannacry and its scale will most certainly result in a massive expansion of the ransomware “business.”

You may wonder why ransomware is so popular as compared to other types of hacking. Here are three reasons:

The attacker need do nothing and still gets paid.

Ransomware either encrypts files on a computer or blocks access to the files. These programs used to be delivered exclusively in emails as an attachment that a victim would open. While that delivery method is still in use, the more pernicious versions simply roam the internet and when they find an unprotected network or computer, will launch the attack without human intervention.

Stealing personal information and credit card data is still popular, but imagine how much work it is to steal, store, organize, and then find a buyer for that data. In short, the old fashioned methods of theft are a lot of work compared to a ransomware attack that threatens to delete all data on a computer unless the victim pays for the release. Attackers simply sit back and wait for the victim to pay.

Want to go into business? Try ransomware as a service.

Don’t know anything about computers or hacking? No need to worry. You can contract with a hacker and outsource your criminal activity. Organizations offering ransomware services are beginning to take root and will encourage bad actors of all types to try their hand at it.

After all, what do they have to lose? The outsourced service provider does all the work and gets paid a cut of the take, and you merely await your share as the business owner.

If one door is locked, just try another.

The interconnectivity of the internet and businesses across the globe makes it much easier for a ransomware attack to succeed. Can’t get into a corporate network? Try the company’s version of webmail, which can be accessed from any computer in the world. Can’t get a user to click on a link? Then use in-memory malware to deliver the payload. Find it hard to scale your crime? Then hack cloud services and launch attacks against thousands of high value targets at once. In short, ransomware has multiple attack vectors.

So what can I do to protect my business?

There are long-standing processes and tools that companies need as a foundation to stopping ransomware. While the list of approaches is long, let’s focus on three items that will reduce the risk of being hacked or a victim of ransomware:

  1. Whether you run your own technology or outsource it, be sure you know what protections and processes you have in place. Anti-virus software, firewalls, and intrusion detection software with expert alerts, and patching systems and applications are regularly among these basics. More importantly, make sure your security tools are on the most current versions. This may mean having updates almost continuously at times as risk conditions can change dynamically. It’s good to look into new technologies as new threats arise, but remember that the tools you do have may be the best there are if kept up to date.
  2. Layer security across your business. No one single solution will protect you from every attack. Whether physical locks on doors, increasing the sophistication of passwords, using out of band authentication, or segmenting your network with additional firewalls, consider using a layered approach to make it more difficult for bad actors to get through to your valued information. This includes using the security and authentication steps offered by your bank. Most banks will provide tools that allow the business to verify financial transactions before they occur. Unfortunately, too many businesses fail to adopt these solutions and processes.
  3. Train your staff on proper use of the connected world we live in – and keep security awareness in the forefront of employees’ minds. The human threat is twofold: first, people make mistakes and as humans, we always will. Second, there has been a growing threat from insiders who are ‘groomed’ by bad actors to ultimately take part in a crime. While this is an unpleasant topic, it’s something every business owner or manager needs to consider today.

One final thought. It would pay most businesses to be connected to an organization that monitors the global threat environment and can keep the business up to date on emerging threats. This external information can then be aligned with your internal IT steps and actions. There are several such organizations and many have very reasonable fees.

The security issues faced by businesses will only be more challenging in the future. Staying up to date on security technology, being vigilant on how users interact with your systems, and having an eye to the emerging threats as they grow are all smart and necessary steps for any business today.

While there are no sure-fire solutions to risk, by taking a multi-faceted approach you’re in the know about the threat environment, and you’ll feel better that you’re managing it in a sound manner. Then you’ll be able to sleep peacefully even with one eye open so as not to miss, as Rip Van Winkle did, the important things in life such as the birth of a nation.

Tax Scammers Target Might Target You: Here’s What to Do

Tax Scam Awareness

It’s that time of year — tax time. It’s also a great time to get up to speed on tax-related scams. Here are two ways tax scammers might target you and what you can do about it:

Tax Identity Theft
This kind of identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund. Tax identity theft also happens when someone uses your Social Security number to get a job. You find out about it when you get a letter from the IRS saying:

  • More than one tax return was filed in your name, or
  • IRS records show wages from an employer you don’t know

If you get a letter like this, contact the IRS Identity Protection Specialized Unit at 800-908-4490. You can find more about tax identity theft at ftc.gov/taxidtheft and irs.gov/identitytheft.

IRS Imposter Scams
This time scammers aren’t pretending to be you — they’re posing as the IRS. They call you up saying you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the call is coming from Washington, DC – when it could be coming from anywhere. Leaving you no time to think, they tell you to put the money on a prepaid debit card and tell them the card number right away.

The real IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. When the IRS contacts people about unpaid taxes, they usually do it by mail. You can report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366-4484, and to the FTC at ftc.gov/complaint.

Visit IdentityTheft.gov
IdentityTheft.gov is the federal government’s one-stop resource to help you report and recover from identity theft. You can report identity theft, get step-by-step advice, sample letters, and your FTC Identity Theft Affidavit. These resources will help you fix problems caused by the identity theft.