Safe Practices for Online Commercial Banking
Due to the large amounts of money frequently involved, online commercial banking demands extra layers of vigilance, diligence and scrutiny.
What we do
- We use firewall systems and intrusion detection software to protect our systems.
- We protect the confidentiality of your data by encrypting sensitive information with 128-bit Secure Sockets Layer (SSL). This is designed to ensure that sensitive information can only be viewed by you and Elsewhere Bank.
- We build information security into our systems and networks using industry-recognized security standards, protocols and best practices.
- We employ layered security controls including strong authentication methods following guidance provided to us by Federal banking regulators.
- We require our employees to take information security awareness training and to apply this training to their job every day.
What you should do
While it is your responsibility to safeguard your own data, including information that can be used to access or transact against your accounts at Elsewhere Bank, we recommend that you consider implementing the following data security controls for your business:
Protect online payments and account data
- Evaluate your internal controls for online banking and conduct an annual risk assessment. Identify gaps and continuous improvement opportunities to ensure the safety of your financial data and resources.
- Dedicate and restrict one computer to online banking transactions.
  - Allow no Internet browsing or email exchange and ensure this computer is equipped with the latest versions of anti-virus and anti-spyware software.
- Segregate responsibilities among different employees by maintenance, entry and approval.
- Delete online user IDs as part of the exit procedure when employees leave your company.
- Assign dual system administrators for online cash management services.
- Periodically evaluate employee job functions and remove online services that are no longer required.
- Establish transaction limits for employees who initiate and approve online payments.
- Set up alerts to notify a manager of payments initiated above a threshold amount that warrant management’s attention.
- Use dual controls:
  - Require multiple users to release an online payment because it is less likely a fraudster would control the workstation of both initiating employees.
- Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.
- Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
Best practices for online banking security
- Use strong, complex passwords that contain:
  - Alpha/numeric characters and symbols
  - Upper and lower case characters
  - Minimum of 12 characters (longer is recommended)
  - No real words or names of family, friends or pets
  - Use all characters available on keyboard
  - Avoid strings of identical characters
- Change your passwords regularly and use a different password for each website you access.
- Never reveal your confidential user ID, password, PIN or answers to security questions to anyone.
- Never reveal your confidential user ID, password, PIN or answers to your security questions by email.
- Never share your security token.
- Report lost or stolen tokens immediately.
- Never bank online using computers at kiosks, cafes, unsecured computers, or unsecured wireless networks.
- Prohibit the use of shared user names and passwords for your online banking accounts.
Tips to avoid phishing, spyware and malware
- Never open email from unknown sources.
- Never respond to suspicious email or click on any hyperlink embedded in a suspicious email:
  - Call the purported source if you are unsure who sent an email.
  - If an email claims to be from your bank, call a client services representative.
- Educate your staff about current scams and loss-prevention steps.
- Make sure all of the computers your staff members use for work-related business (at the office and at home) have the latest versions of anti-virus and anti-spyware software.
- Maintain updated and patched systems and software.
- Install a firewall between your computers and the Internet.
- Restrict administrative rights to install programs to IT staff.
- Check your settings and select at least a medium level of security for your browsers.
- Clear the browser cache before starting an online banking session to eliminate copies of web pages that have been stored on the hard drive.
The Web can be a scary place. Be prepared. Stay informed.
Global access to information, entertainment, credit and financial services is easier than ever. Thanks to the Internet, you can play chess with an opponent across the ocean, watch videos or get expert advice in an instant.
But the Internet also can give online scammers, hackers, and identity thieves access to your computer, personal information, finances and more. With awareness as your safety net, you can minimize the chance of an Internet mishap.