CORPORATE ACCOUNT TAKEOVER
What is Corporate Account Takeover?
Corporate account takeover is a fast-growing electronic crime in which cyber-thieves use malware (usually installed when an employee opens an infected email attachment or link) or a counterfeit financial institution website to gain control of business accounts. Once they obtain log-in and password credentials, they use them to fraudulently transfer funds out of these accounts through wire transfers, ACH payments, online bill pay, and electronic payroll.
What can business customers do to protect themselves?
There are several steps to protect against account takeover, including:
- Always initiate wire transfer and ACH payments under dual control. For example, one individual initiates creation of the payment file, and another approves the file for release.
- Use multiple factors to prove identity, such as something the person knows (user ID, PIN, password), and something the person has (random password-generating tokens, USB token).
- If multiple-factor authentication is not practical, require the use of "strong" passwords (a combination of alphabetic, numeric, and special characters); change passwords regularly, and prohibit sharing of user names and passwords with other employees or third-party providers.
- Restrict functions such as email and Web browsing on computer workstations used for online banking, and restrict access to those workstations by other employees. This reduces inadvertent downloading of malware or other viruses by users and access by unauthorized persons.
- Train staff members who utilize online banking and perform electronic transfer functions on corporate account takeover, internal controls and procedures to be followed, and how to react if a fraudulent transaction occurs. Your financial institution can provide resources for this training.
- Establish with your financial institution communication and verification procedures, transaction limits, and expected transaction patterns, so that fraudulent activity can be detected and prevented while a transaction is being initiated, before funds are transmitted.
- Ensure that the operating system and software on business computers are up to date with current patches, and that firewall protection, malicious-code filtering, virus protection, and spyware-removal software are current, to protect against network intrusion.
- Review account activity daily for proper transactions, and reconcile the account frequently.
Please note: Federal banking regulations (specifically the Electronic Funds Transfer Act – Regulation E) do not protect business customers from fraudulent electronic funds transfers, so it is critical to establish sound controls at your business to protect against corporate account takeover.
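The dual-control, transaction-limit, payee-pattern, and daily-review controls above can be checked mechanically against a day's payment file before it is released. The following is an added example, not code from the original page or from any financial institution; the record fields, limits, approved-payee list, and user names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample payment records (not real data). Each record represents
# one ACH/wire entry as a business's online banking portal might export it;
# the field names are assumptions for this example.
@dataclass
class Payment:
    payment_id: str
    payee: str
    amount: float
    initiated_by: str
    approved_by: Optional[str]   # None means released without a second approver

# Controls the business has agreed with its financial institution (assumed values).
SINGLE_PAYMENT_LIMIT = 25_000.00
DAILY_TOTAL_LIMIT = 60_000.00
KNOWN_PAYEES = {"ACME Supply", "Payroll Provider", "Office Lease LLC"}


def review_payments(payments):
    """Return a dict mapping payment_id -> list of control violations.

    Payments are checked in file order, so the daily-total check is cumulative.
    """
    findings = {}
    running_total = 0.0
    for p in payments:
        issues = []
        # Dual control: the approver must exist and must not be the initiator.
        if p.approved_by is None:
            issues.append("released without second approver")
        elif p.approved_by == p.initiated_by:
            issues.append("initiator approved own payment")
        # Transaction limits agreed with the institution.
        if p.amount > SINGLE_PAYMENT_LIMIT:
            issues.append("exceeds single-payment limit")
        running_total += p.amount
        if running_total > DAILY_TOTAL_LIMIT:
            issues.append("pushes daily total over limit")
        # Pattern check: payments to payees never used before deserve a call-back.
        if p.payee not in KNOWN_PAYEES:
            issues.append("payee not in approved payee list")
        if issues:
            findings[p.payment_id] = issues
    return findings


# Constructed day's payment file: two routine payments and three that
# should be held for verification before release.
SAMPLE_PAYMENTS = [
    Payment("P1", "ACME Supply", 4_200.00, "alice", "bob"),
    Payment("P2", "Payroll Provider", 18_500.00, "alice", "bob"),
    Payment("P3", "Quick Wire Holdings", 24_900.00, "alice", "alice"),
    Payment("P4", "Office Lease LLC", 9_000.00, "alice", None),
    Payment("P5", "Overseas Consulting", 30_000.00, "bob", "carol"),
]

if __name__ == "__main__":
    for pid, issues in review_payments(SAMPLE_PAYMENTS).items():
        print(f"{pid}: HOLD - {'; '.join(issues)}")
```

Run as a pre-release step, the script holds any entry that fails a control, which is exactly the point at which the institution's verification procedures (call-back to a known phone number, for instance) should be invoked; the same checks run over the posted transactions support the daily review and reconciliation the list recommends.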
What to do if your business has been victimized:
- Immediately cease all activity on workstations that may have been compromised. Disconnect them from the network to isolate the systems from remote access and further fraudulent transactions.
- Immediately contact your financial institution, describe the situation and provide all details (what happened, who is affected, dates, times, contacts, and other information requested).
- Request the financial institution's assistance and advice with the following:
  - Disabling online access to accounts.
  - Changing passwords.
  - Opening new account(s) if deemed necessary.
- Review recent maintenance activity on the account, such as address changes; title, access, and authority changes; PIN changes; and orders for new cards, checks, or other account documents, to ensure these were legitimate.
- File a police report.
In addition to training, information, and other assistance from your financial institution, another recommended resource is www.onguardonline.gov.