FDIC-Insured - Backed by the full faith and credit of the U.S. Government
African woman using mobile phone
The successful management of your cash flow is an essential task in the life of a small business owner. Your Americana Community Bank Cash Management team gives you the power to manage your ACH, wire origination, payroll, and other important financial matters, allowing you the opportunity to maintain control.
No matter if you are an experienced cash management product user or just starting out, your ACB Cash Management professionals will guide you in getting your services up and running. Whether by phone, email, or in-person (your choice), we will provide you with in-depth, experienced advice on how to tailor our cash management products and services to your needs so you can watch your business grow.
Call your ACB banker today to learn more about Americana Community Bank Cash Management Services, including ACH Origination (Debit and/or Credit), Deposit Advantage (our remote deposit capture system), Digital Wire Origination, Check Positive Pay, and ACH Positive Pay.
This document summarizes information included in a piece released by the US Secret Service, the U.S. FBI, The Internet Crime Complaint Center (IC3), and the Financial Services Information Sharing and Analysis Center (FS-ISAC), entitled, “Fraud Advisory for Business: Corporate Account Take Over (CATO)”. Information contained here is intended to provide basic information about the increasing threat of CATO and to help you establish security processes of your own. However, these attacks – these threats – are continuously evolving and you must stay up-to-date to enforce your security posture.
Cybercriminals are targeting the financial accounts of owners and employees of small- and medium-sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts. Often these funds cannot be recovered.*
To obtain access to financial accounts, cybercriminals target employees – often senior executives or accounting and HR personnel, although any employee can be vulnerable- and business partners, including contractors, accountants, and other third parties, and cause the targeted individual to spread malicious software (or “malware”) which in turn steals their personal information and login credentials. Once the account is compromised, the cybercriminal is able to electronically steal money from business accounts.
Cybercriminals also use various attack methods to:
In addition to targeting account information, cybercriminals also seek to gain customer lists and/or proprietary information – often through the spread of malware – that can cause indirect losses and reputational damage to a business.
First identified in 2006, this fraud, known as “corporate account take over,” once attacked mostly large corporations, but cybercriminals have now begun to target municipalities, smaller businesses, and non-profit organizations. Thousands of businesses, small and large, have reportedly fallen victim to this type of fraud. Educating** all stakeholders (financial institutions, businesses, and consumers) on how to identify and protect themselves against this activity is the first step to combating cybercriminal activity.
How It’s Done
Cybercriminals trick victims into divulging personal or account information by:
Methods used to trick you into opening an attachment or clicking on a link include:
The criminal’s goal is to get you to open the infected attachment or click on the link so hidden malware (software designed to harm) can be downloaded to your computer. This malware allows the fraudster to “see” and track your activities across the business’ internal network and on the Internet. The tracking may include visits to your financial institution and use of your online banking credentials (used to access account information, login information, and passwords). Using this information, the fraudster can conduct unauthorized transactions that appear to be legitimate transactions conducted by you or your employee.
How to Protect, Detect, and Respond
Protect
1. Educate everyone on this type of fraud scheme.
2. Enhance the security of your computer and networks to protect against this fraud.***
3. Enhance the security of your corporate banking processes and protocols.
4. Understand your responsibilities and liabilities.
Detect
5. Monitor and reconcile accounts at least once each day.
6. Note any changes in the performance of your computer:
7. Pay attention to warnings.
8. Be on the alert for rogue emails.
9. Run regular virus and malware scans of your computer’s hard drive.
10. Discuss the options offered by your financial institution to help detect or prevent out-of-pattern activity (including both routine and red flag reporting for transaction activity).
Respond
11. If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.
12. Make sure your employees know how and to whom to report suspicious activity within your company and at your financial institution.
13. Immediately contact your financial institution so that the following actions may be taken:
14. Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident to the various agencies, financial institutions, and firms impacted.
15. File a police report.
16. Have a contingency plan to recover systems suspected of compromise.
17. Consider whether other company or personal data may have been compromised.
18. Report exposures to PCI DSS, if appropriate.
Additional Resources:
Footnotes:
*Consumer accounts are subject to Federal Reserve Regulations E (12C.F.R. Part 205) which requires banks to provide reimbursement for certain losses. Regulation E does not apply to business accounts. Therefore, banks are not required to provide reimbursement for certain losses.
**This advisory was created through a collaborative cross-industry effort to develop and distribute recommended practices to prevent, detect, and respond to corporate and consumer account takeovers. Led by the Financial Services Information Sharing and Analysis Center (FS-ISAC), contributors include more than 30 of the largest financial institutions in the U.S., industry associations including the American Bankers Association (ABA), NACHA – The Electronic Payments Association, BITS/The Financial Services Roundtable, and federal regulatory and law enforcement agencies. This advisory is an update to recommendations previously released in August 2009 by the FS-ISAC, FBI, and NACHA, and the NACHA (Operations Bulletin) in December 2009.
*** See the “Resources” section of this document for links to helpful and detailed tips on how to enhance your information technology (IT) security.
The ACH Network holds the key to the future. It uses technology to move money; enhancing lives and sustaining companies. The steps below will take you to the Nacha Operating Rules and Guidelines, which are the framework of ACH payments. Not only will your company better attain its financial goals with this knowledge, but abiding by them will protect your company and its payees.
Included in the Rules are the obligations of companies using ACH. You will also find, on the site, details about Rule enforcement, annual audit requirements, a table of Return Reason codes, and formatting specifications.
The instructions below give you access to the Basic Version of the Nacha Operating Rules and Guidelines, which is in pdf form. You are not able to print this pdf. You will be given the option upon logging in to upgrade to a premium version, which gives you more options for accessing the rules.
Here are the steps to accessing the rules for processing ACH:
The Federal Reserve System (often referred to as “The Fed”) is closed on federal holidays. Some Cash Management services will be affected on those dates:
ACH files will not be processed.
Deposit Advantage deposits made on these days will post on the following business day.
Other services may also be affected.
In addition, ACB branches will close at noon on Dec. 24 and at 3pm on Dec. 31.
Please contact your ACB Cash Management specialist at eBizHelp@AmericanaFinancial.com for answers to your Cash Management questions.
Click here to see a demo of ACB’s Digital Business Banking. Contact your ACB Cash Management Specialist to enroll today!
ACH Origination for Direct Deposit Payments :
Want to automate your payroll and/or vendor payments? With ACH Origination services, you can electronically deposit funds into your employees’ checking and savings accounts and schedule routine payments to any number of payees. Set up templates on your phone or laptop in our digital banking site, making these processes automated! Remove the worry of lost, stolen, or fraudulent checks affecting your business.
ACH Origination for Direct Debit Billings :
Want to automate your business’ billing process? With ACH origination through ACB, you can automatically debit your customers’ accounts for rent, dues, membership fees, and other services you may provide. You can set up automatic, recurring debits to pull these fees every day/week/month, or you can create templates for ease of access for those more sporadic debit collections.
Process a large volume of physical checks for your business? With Deposit Advantage remote deposit capture services, you can scan and send checks to your Americana Community Bank accounts with ease from your place of business. Gain quicker access to your funds, track every transaction, and obtain better reporting processes.
Want to avoid having to make trips to your nearest branch to originate domestic and international wire transfers? With Americana Community Bank Digital Wire Transfers you can originate wires from the comfort of your home or office. Have recurring wires? We also give you the ability to set up templates for those recurring wires.
With Americana Community Bank Check Positive Pay, a list of checks to be paid, including check number and amount, is uploaded or manually entered. If there are any discrepancies between the uploaded list and checks deposited at a receiving financial institution, the potentially fraudulent check will be marked as an exception in your digital banking site and can be returned at the click of a button. Reduce the worry about fraudulent checks being cashed against your business’ accounts. With Check Positive Pay, you will be able to review checks for discrepancies before they are cashed, which will help reduce accounting errors and promote safer business practices.
ACH Positive Pay allows you to set and manage ACH controls to protect against potential fraud. You will be able to allow, block, and monitor ACHs based upon transaction types, company IDs, and SEC codes. Have a known fraudulent entity? Add them to the blacklist to bar them from crediting and/or debiting your account. Have a transaction type that you want to monitor because of heightened fraud risks? Add that transaction type to the watchlist to be notified via email of activities to then review and approve or deny.