Smart Security Practices for Online Banking
A. Accessing Sunwestbank.com securely:
Always access Sunwest Bank's Internet banking by typing in the correct website address www.sunwestbank.com into your browser. Never click on a link in an email to take you to a website and enter personal details either in the email or website.
Check your banking session is secure:
There are two simple indicators that will tell you if your session is secure. The first is the use of https:// in the URL. Some browsers, such as Mozilla Firefox, change the color of the URL window when you are in a secure session. The other indicator is the presence of a digital certificate, represented by a padlock or key in the bottom right-hand corner. If you double-click on this icon, it should provide you with information about the organization with which you have entered into a secure session.
Always completely log off from your internet banking session:
It is important to completely log off from your Internet banking session; simply closing the window in which you performed the transaction may not close the banking session. If your computer is infected with malware, your session may be hijacked by a criminal and financial transactions may be performed without your knowledge. It is also advisable to disconnect from the Internet if you are not planning to use it.
B. Email Notices and Alerts
Sunwest Bank may send an email notice or alert, however:
- We will never ask you to provide any personal or account information via email.
- We will never ask for your Access ID or password.
- You should never send personal or account information via email.
C. Password and PIN Security:
You should always be wary if you receive unsolicited emails or calls asking you to disclose any personal details or card numbers. This information should be kept confidential at all times. Be cautious about disclosing personal information to individuals you do not know. Please remember that Sunwest Bank would never contact you directly to ask you to disclose your PIN or your password information.
- Do not write down your Access ID or password.
- Avoid predictable passwords that could be easily guessed by others.
- Do not share your password with anyone.
- Include both letters and numbers in your password.
- Change your password on a regular basis; every 90 days is recommended.
- Avoid storing or saving your password in software or applications.
- Use extra caution when using a public computer.
D. Be Alert to Common Internet Scams:
If it sounds too good to be true - it probably is:
Don't be conned by convincing emails offering you the chance to make some easy money. As with most things, if it looks too good to be true, it probably is! Be cautious of unsolicited emails from overseas - it is much harder to prove the legitimacy of the organizations behind the emails.
Social engineering is still often used to obtain sensitive information. For example, never trust emails requesting personal information such as user names or passwords. If you receive an email with a link to an unknown site, avoid the instinct to click it immediately, even if it seems to have been sent from one of your contacts.
Phishing is an internet scam that involves an email which appears to be from a legitimate company, bank, or government agency. The emails typically warn of a potential problem with your account and request that you follow a link and provide personal or account credentials to update your information. You should never reply to these emails, open any attachments, or follow any of the links provided. If you believe an email to be legitimate, you should contact the company using your usual and known contact information.
Pharming is a type of fraud that involves redirection from a legitimate website to a website that appears to be legitimate, but has been created by fraudsters in an attempt to gain your personal or account information.
E. PC Security:
It is important to use up-to-date anti-virus and anti-malware software and a personal firewall. If your computer uses the Microsoft Windows operating system, it is important to keep it updated via the Windows Update feature; equally, if you use another PC operating system or have an Apple Mac, you should check regularly for updates. You should be vigilant if you use Internet cafes or a computer that is not your own and over which you have no control.
- Install anti-virus and anti-malware software and keep it up to date.
- Use a firewall. This can protect against potential hackers and prevent access to questionable connections.
- Use anti-spyware. Often bundled with anti-virus software, this can prevent your activities from being monitored and keep your browser from improperly directing you to an unintended website.
- Disable Scripting. Unless you create VB Scripts you can disable Script Hosting. This is the weakness exploited by some computer viruses.
- Disable File sharing. Any computer with Internet file sharing activated offers its content freely to outsiders. You can easily check and change the setting. Depending on your operating system, select Settings, or Control Panel, then Network and File Sharing. Under the Configuration tab, select TCP/IP, click on File and Print Sharing. If either of the two check boxes that appear show ticks, click on them to uncheck them.
- Apply Patches. For greater security, apply patches, which are small software add-ons designed to deal with specific security holes and other computer problems. You'll find all the patches you need on your operating system’s website.
- Use a Dedicated Online Banking PC. Designate a single computer to use as your business's online account machine solely for online banking and not for other activities such as e-mail, web browsing, or file sharing. Infecting a computer is much easier if that computer is regularly connected to the internet or used for email.
- Use an email encryption service to protect non-public confidential information from being exposed in communications that use the Internet.
F. Check your Account Balances and Transactions each day:
Electronic transactions, such as those through the Automated Clearing House (ACH), are not usually processed until the next business day. If you catch a fraudulent transaction at the end of a business day, you may be able to cancel it before any funds are transferred. Set up alerts through Online Banking to automatically send you notification of transactions posting to your account. Sign up for eStatements to reduce the possibility of your account information falling into the wrong hands. Anyone with access to your home or mail may have access to your financial records. Be vigilant in protecting your personal financial information.
G. Check your statements:
It is important to check your statements regularly; a quick check will help identify any erroneous or criminal transactions that might have been performed on your account without your knowledge.
H. Sign Up for Fraud Prevention
Account blocks can be requested to prevent any transaction from posting to your account. Business accounts are eligible to sign up for Positive Pay services to help identify check fraud, such as paid checks that were never issued or where the amount was altered. Detecting fraud early is a great way to prevent losses and return items before the 24-hour deadline. Check with your banking office or relationship manager if you are interested in Positive Pay or other fraud prevention products.
I. Establish Dual Control:
For businesses, Sunwest Bank offers "dual control" over your account. Once this safeguard is in place, two individuals from your organization will need to log on and authorize transactions such as ACH origination or wire requests. With dual control in place, a hacker would need to breach two user accounts in order to commit a fraudulent transaction.
J. Train Employees
Educating and training employees in security best practices can further reduce risks. The weakest link in a business’s online banking security can be employees or contractors who are not educated about safe security practices to prevent or detect fraud.
Business Resources for Online Banking Security and Risks
Conducting Your Transactions Online
Federal financial regulators are reporting that Internet threats have changed significantly over the past several years. Sophisticated hacking techniques and growing organized cyber-criminal groups are increasingly targeting financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent electronic funds transfers. In order to help ensure the security of your online transactions, we want you to know that:
- We will never email, call or otherwise ask you for your user name, password or other electronic banking credentials.
- Protect yourself by implementing alternative risk control processes, such as two-step verification.
- Choose an adequate user name and password that, at a minimum, mixes lowercase letters, uppercase letters and numbers.
- Periodically change your password (e.g., at least every 90 days).
- Safeguard your Access ID and password information.
- Ensure you have a firewall in place when conducting financial transactions.
- Log off the system when you’re done conducting business (not just by closing the page or browser tab or pressing “X”).
- Monitor your account activity on a regular basis.
In addition, we may require owners of commercial accounts to perform their own risk assessments and controls evaluations. For example:
- Make a list of the risks related to online transactions that your business faces, including:
  - Passwords being written down and left out in the open.
  - The use of old or inadequate passwords.
  - The possibility of internal fraud or theft.
  - Delays in terminating the rights of former employees.
  - The lack of dual control or other checks and balances over individual access to online transaction capabilities.
- Evaluate the controls your business uses, which may include:
  - Using password-protected software to house passwords.
  - Conducting employee background checks.
  - Initiating a policy and process to terminate access for former employees.
  - Segregating duties among two or more people so no one person has too much access or control.
  - Conducting internal or third-party audits of controls.
  - Using firewalls to protect from outside intrusion or hackers.
Helpful Links and Information
Recommendations for businesses – protecting your business from Corporate Account Takeover from the FBI Internet Crime Complaint Center (IC3)
California Department of Financial Institutions – Best Practices – Reducing the Risks of Corporate Account Takeovers (PDF)