Merchants Bank Hires New Chief Information Officer

Stephen Swenson, Chief Information Officer

Stephen Swenson has joined Merchants Bank as Senior Vice President/Chief Information Officer (CIO), according to Greg Evans, President & Chief Executive Officer. Swenson will replace current CIO, Rodney Nelsestuen, who will be retiring in May.

“The expertise Stephen brings to Merchants as a technology thought leader will be a benefit to all of our stakeholders. The specific experience he has had in the financial services industry will help ensure our digital banking services evolve with customer needs and expectations while also maintaining our disciplined focus on information security and customer privacy,” said Evans.

Swenson has more than 25 years of experience in information technology and operations as both as an executive and consultant to the financial services industry. He has helped provide leadership and consulted for U.S. Bank, Wells Fargo, Alerus, Cornerstone Bank and other financial institutions to implement large-scale technology solutions, facilitate change management and improve operational processes.

“I’m excited to join Merchants because of their commitment to innovation and leveraging technology to create a better customer experience,” said Swenson. “The combination of Merchants’ service culture and investment in digital banking tools is a strong foundation to build on as we look to the needs of customers into the future.”

Swenson is a graduate of the University of Minnesota Carlson School of Business, also holds a Master of Science in Computer Information Systems and is a Certified Public Account (CPA inactive).

Merchants Bank is a full service community bank with 19 bank locations in southeastern Minnesota, two bank locations in west-central Wisconsin and a leasing division, Merchants Bank Equipment Finance, in Edina. As the parent company for Merchants Bank, Merchants Financial Group, Inc. (MFGI) also owns the First National Bank of Northfield, with two banking offices in Northfield and a loan production office in Bloomington, Minn. Headquartered in Winona, MN, MFGI has more than $2.1 billion in assets. Merchants was founded in 1875.

How to Tell if a Website is Legitimate

Computer Security

If you’re one of the 209.6 million Americans who shop online,* it’s important to take steps to verify the legitimacy of a company website before placing an order. Here are five tips to help you determine if a website is legitimate.

1. Can you easily find the company’s full contact information?

You should be able to locate the business’s full name, physical address, telephone number and email address. In addition, if you call the telephone number listed, make sure you can reach a live person who can verify details about the business.

Red Flag = You cannot find the company’s contact information.

2. Is there a Terms and Conditions web page?

Find the Terms and Conditions page on the website and read it carefully to understand company products, return policies and more.

Red Flag = You cannot find the company’s Terms and Conditions page.

3. Does the site accept secure payments?

If the company wants to accept secure payments with a credit card, they must use SSL security which properly encrypts your payment and personal information. Websites with SSL security have a website address that begins with “https” instead of “http.” For example, https://www.merchantsbank.com.

Red Flag = The company’s site does not accept secure payments.

4. Is the site design and information professional?

Review the site for typos, errors, misspellings, stolen images and more.

Red Flag = The company’s site contains any of the above.

5. What happens when you Google search the company’s name?

Type the company name into Google and read related customer reviews, feedback and articles.

Red Flag = Bad feedback or customer experiences.

Visit the FTC Consumer website for information on current website scams.

*http://www.statista.com/statistics/183755/number-of-us-internet-shoppers-since-2009/

 

3 Essential Small Business Security Practices

SecurityPracticesWithKerriBronk-Blog

Keeping your business protected from fraud and security threats can feel like an overwhelming job. One place to start is by focusing on internal controls that help keep your business’s financial information more secure. Our Security Officer, Kerri Bronk, recommends putting the following three internal controls into practice and reviewing them regularly.

“The idea is to have a combination of different types of security checks and balances in place – and to make sure you keep them up-to-date,” said Kerri. “These simple internal controls can really have an impact on how secure your business information can be.”

Authorized Account Signers

A small business may want to have a few people listed on a financial account as an authorized signer. This can vary by business but may include the owners, an office manager or bookkeeper.

Kerri advises, “[a]uthorized account signers have access to some of the essential functions of your financial account, so you want to make sure this type of access is only granted when necessary.”

 FAQs about Authorized Signers

  • What can an authorized account signer do? An authorized signer is different from an account owner (who has complete control over a financial account). In regards to a checking or saving account, for example, a signer can make withdrawals, sign checks and access some account information.
  • How many authorized account signers can I have? There is no limit. However, the more individuals who have access, the more risk you’re taking.
  • How often should I review this access? On an annual basis or when you’ve had an employment change in your executive management team or accounting/payroll staff.
  • How do I make changes to authorized account signers? Changes to authorized signer need to be done in person at a Merchants Bank location. Contact your Customer Service Representative to make an appointment.

Authorized Cardholders

You might like to have the option for several people to make business purchases with a debit or credit card. This is where authorized cardholders come in.

FAQs about Authorized Cardholders

  • What can an authorized cardholder do? An authorized cardholder can use a debit or credit card tied to your business account to make purchases and get cash from an ATM. You can set spending limits per card user to help keep spending in check.
  • Does the authorized cardholder need to be a signer on the account? No, you can give a person access to a card without having other signing abilities.
  • How many authorized cardholders can I have? There is not a set limit to the number, but again the more access, the harder it will be to track spending.
  • How often should I review this access? Who has access to business debit and credit cards should be reviewed more frequently. We’d recommend making updates to your authorized cardholders each quarter or when you have staffing changes.
  • How do I make changes to authorized card holders? For both your Merchants Bank debit or credit cards, stop into your local Merchants Bank location for assistance.

Access to Account Information

Knowing who has access to your business account information and keeping the number of people to a minimum is one of the best ways to avoid a security or fraud threat.

Considering that small or mid-sized businesses lost a median amount of $289,864 to employee funds theft in 2017, it’s critical to thoughtfully review who should have access to this information.*

FAQs about Account Access

  • What kind of information can I give employees access to? You can select the level of information you want an employee to receive in Small Business Online Banking or Commercial Online Banking or credit card transactions through mycardstatement.com. You can also use our mobile card controls – Card Valet for debit cards and SecurLock Equip for credit cards – to have alerts on card spending.
  • How many people can have this access? This varies by solution, please ask at your local Merchants Bank location.
  • How often should I review this access? It’s extremely important to stay current with account access. This should be updated immediately when staff join or leave your business.
  • How do I make changes to who has access to my account information?
    • Statements: Contact your local Merchants Bank location for assistance.
    • Small Business Online Banking and Commercial Online Banking: Once you have set up your account with you as the owner, you can add or remove secondary users and define account access per user at your convenience.

      If you have any questions or need help with user setup, contact our Electronic Banking Department (ibsupport@merchantsbank.com or (866) 496-0522) for Small Business Online Banking or Treasury Management Support for Commercial Online Banking (commercialonline@merchantsbank.com or (833) 694-2374).

    • mycardstatement.com: Contact your local Merchants Bank location for assistance.

“My last tip regarding internal controls is to ensure that no single employee has access to all the financial aspects of your business,” said Kerri. “For example, you want to make sure that employees who can pay business expenses with a business credit card are not the same employees who pay the credit card bill.”

Just remember that Merchants Bank is always here to help. If you think your business bank account information has been compromised or have a security concern, contact your local Merchants Bank location and ask to speak to your Treasury Management Specialist or a Customer Service Representative.

 

*https://www.hiscox.com/documents/2017-Hiscox-Embezzlement-Study.pdf

Cell Phone Porting Fraud: Check Your Phone

Shot of a businesswoman using technology at work

Fraudsters are getting names, phone numbers and other personal identifiable information of real people and transferring their phone number to a different cell phone service provider. They pose as the victim and report the phone lost to the current provider and request the number be transferred (or “ported”) to a device with a different cellular service provider. Once they do this they can find where the victim may have bank accounts, click a “forgot password” link and request a password change code be sent to the stolen phone number via text message, now directed to their device. Then they can change their account’s password and can then access and manipulate those accounts.

What to watch for:

If your phone suddenly loses service, switches to “Emergency Calls Only,” receives any alert messages or unexpected text messages in regards to authenticating an action you did not request, notify your cellular service provider and financial institution immediately.

Take action to protect yourself:

You can take action against cell phone porting (or “port-out”) fraud by contacting your cell phone service provider. Ask them about their porting/port-out security and request they ask for security verification (that you would set up) when action is requested for your account.

Tax Scammers Target Might Target You: Here’s What to Do

Tax Scam Awareness

It’s that time of year — tax time. It’s also a great time to get up to speed on tax-related scams. Here are two ways tax scammers might target you and what you can do about it:

Tax Identity Theft
This kind of identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund. Tax identity theft also happens when someone uses your Social Security number to get a job. You find out about it when you get a letter from the IRS saying:

  • More than one tax return was filed in your name, or
  • IRS records show wages from an employer you don’t know

If you get a letter like this, contact the IRS Identity Protection Specialized Unit at 800-908-4490. You can find more about tax identity theft at ftc.gov/taxidtheft and irs.gov/identitytheft.

IRS Imposter Scams
This time scammers aren’t pretending to be you — they’re posing as the IRS. They call you up saying you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the call is coming from Washington, DC – when it could be coming from anywhere. Leaving you no time to think, they tell you to put the money on a prepaid debit card and tell them the card number right away.

The real IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. When the IRS contacts people about unpaid taxes, they usually do it by mail. You can report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366-4484, and to the FTC at ftc.gov/complaint.

Visit IdentityTheft.gov
IdentityTheft.gov is the federal government’s one-stop resource to help you report and recover from identity theft. You can report identity theft, get step-by-step advice, sample letters, and your FTC Identity Theft Affidavit. These resources will help you fix problems caused by the identity theft.

Watch Out for These Red Flags to Stay Safe While Shopping Online

IMN-OnlineShopping

It is hard to overstate the popularity of online shopping. There is almost no category of product that can’t be purchased online. From wedding dresses, to pets and potato chips, consumers are heading online to purchase things that only a few years ago would have been considered strange to buy online. With so many online stores to choose from, it can be hard to tell which are legitimate and which could leave you vulnerable to scam or identity theft.

One of the easiest ways to tell if a website is secure is by looking for a Trust Seal.

“Typically, these seals are associated with secure sockets layer, or SSL for short,” states John Rampton, a Forbes contributor. “This simply means that your site has been verified and that there is a secure transmission for customers to safely enter their credit card information.”

When you are shopping online, you may have run into one of the seals and not even realized it. If you searched for a store through Google, for example, you probably have seen the small logo with a checkmark that states “Google Trusted Stores,” which is the search engine’s own Trust Seal. There are also several other companies that examine stores and give out trust seals.

“While trust seals are an important feature for [an] e-commerce website, which seals are the most reliable?” asks Rampton.  “In a survey conducted by the research group the Baymard Institute, the most trusted badge was Norton, with 36 percent of the votes. This was followed by McAfee (23 percent), TRUSTe (13.2 percent) and BBB Accredited (13.2 percent).”

The other ways that you can determine an online store’s trustworthiness are much less clear-cut than Trust Seals. Online reviews, for example, are one of the most important ways that consumers make decisions about a business’s reputation. If an online store has many positive reviews, you will likely feel safer giving it your credit card information. It is entirely possible for a good online store to not have many reviews, however, and positive reviews can be faked, so it is not a foolproof method.

It is also important to not ignore your gut feeling when shopping online. If you find a product for significantly less than every other store selling it, then that is a definite red flag. Another tactic to keep an eye out for is if a store claims to have the product you are looking for during an initial search, but then tries to redirect you to other similar products because they do not actually have what you need.

Furthermore, if a website doesn’t seem professionally designed, is extremely outdated, or very difficult to navigate, you may want to find another.

“Would you seriously give your credit card information to [a] website that looks like it belongs in 1995?” asks Rampton. “Common sense would say absolutely not.”

You should also look for contact information that would allow you to speak with an employee if you have questions or problems with your order. If there is no way to contact customer service, that is a big red flag.

Once you decide to make a purchase, there are further things to keep in mind.

“Don’t send your credit card details via email, post them on social media (even in a private message), or enter them on an unsecured website,” states Lexy Savvides from Cnet.com. “Don’t give away more information than you need. Retailers generally don’t need to know details like your date of birth or social security number, so why disclose it if you don’t have to?”

If you keep this information in mind and always choose the path of caution, you should be able to shop online without incident.

Includes copyrighted material of IMakeNews, Inc. and its suppliers.