Contact UsReport fraud or suspicious activity
Report a lost or stolen credit card
Report Suspicious Emails1-800-400-2781
Commercial Protection - Commercial Security Center
Switch to another Security Center:
Corporate Account Takeover Prevention
What is Corporate Account Takeover?
Corporate account takeover occurs when criminals gain control of a corporate account by stealing the business' valid online banking credentials. The most common way that theses cyber criminals gain access is by utilizing malware, commonly distributed via email links, phishing scams, social networking sites and malicious websites.
To obtain access to financial accounts, cyber criminals target employees (often senior executives, accounting or HR personnel and business partners) and cause the targeted individual to spread malicious software (malware) which in turn steals personal information and log-in credentials.
Once the account is compromised, the cyber-criminal is able to electronically steal money from corporate accounts. Cyber criminals also use various attack methods to exploit check archiving and verification services that enable them to issue counterfeit checks, impersonate the customer over the phone to arrange funds transfers, mimic legitimate communication from the financial institution to verify transactions, create unauthorized wire transfers and ACH payments, or initiate other changes to the account. In addition to targeting account information, cyber criminals also seek to gain customer lists and/or proprietary information.
Steps your organization can take to help prevent Corporate Account Takeover:
- Establish an account risk management program.
- Perform a risk assessment on medium and high-risk accounts.
- Perform an annual review of the funds transfer program, remote deposit capture program and other commercial online banking services.
- Enhance the security of your computer and networks.
- Minimize the number of, and restrict the functions for, computer workstations and laptops that are used for online banking and payments. A workstation used for online banking should not be used for general web browsing, emailing, and social networking.
- Conduct online banking and payments activity from at least one dedicated computer that is not used for other online activity.
- Do not leave computers with administrative privileges and/or computers with monetary functions unattended unless logged off or locked. Logoff or turn off and lock up computers when not in use. Use/install and maintain spam filters.
- Educate your employees in fraud prevention.
- Bank of the West will never send customers emails asking for customer ID, User ID, Passwords, credit card numbers, eImage ID or other sensitive information.
- Don't respond to or open attachments or click on links in unsolicited emails. If a message appears to be from your financial institution and requests account information, do not use any of the links provided.
- If you receive an email from an apparent legitimate source (such as the IRS, Better Business Bureau, Federal courts, UPS, etc.) contact the sender directly through other means to verify the authenticity. Be very wary of unsolicited or undesired email messages (also known as "spam") and the links contained in them.
- Be wary of pop-up messages claiming your machine is infected and offering software to scan and fix the problem, as it could actually be malicious software that allows the fraudster to remotely access and control your computer.
- Install and maintain real-time anti-virus and anti-spyware desktop firewall and malware detection and removal software. Ensure that all anti-virus and security software for all computer workstations and laptops, used for any online banking transactions is up to date and robust.
- Enhance the security of your banking processes and protocols.
- Implement dual custody. Initiate online payments under dual control using two separate computers. Reduce the risk of fraud and promote security by requiring two different users, each with their own User ID and Password, to review and approve online transactions such as: Wire Transfers, ACH, External Account Transfers, Basic Payroll Payments and Tax Payments.
- Positive Pay. Help protect your organization from theft and fraud by maintaining control of your disbursement process. Receive timely protection with alerts to potentially fraudulent items early each morning. Improve audit capabilities and save time verifying checks issued against checks paid.
- Monitor and reconcile transactions and accounts at least once daily.
- If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.
- If you notice suspicious activity on your Bank of the West accounts, call us at 1-800-488-2265.
- Contact your local police and file a report.
Sound Business Practices for Financial Institutions to Mitigate Corporate Account Takeover: https://www.nacha.org/content/account-takeover-resource-center
FCC Business Cyber Planner: http://transition.fcc.gov/cyber/cyberplanner.pdf
Protect your organization from financial losses by considering the following fraud tools and security tips.
- Use Positive Pay. Help protect your organization from theft and fraud by maintaining control of your disbursement process. Positive pay systematically compares checks presented for payment to your issued-check files to detect serial numbers and dollar amounts that don't match.
- Use check stock that contains multiple security features. Examples of high security check features include: watermarks, heat sensitive ink, fluorescent fibers, micro printing, warning bands and chemical wash box.
- Establish tight controls over the storage and distribution of check stock. Maintain an inventory list and conduct audits. Shred checks and statements you no longer need.
- Ensure separation of duties. Check writers should not reconcile the accounts. Delegate separate individuals for invoicing and collecting and posting funds to Accounts Receivable. Conduct periodic reviews.
ACH and Wire Fraud
- Use an ACH debit block/filter to specify which organizations are authorized to post ACH debits to your accounts. Automatically block organizations that are not authorized. You can also set dollar-limit ceilings or block all ACH debits from posting.
- ACH transaction review. Review and confirm ACH debit and credit transactions that post to your account. Filter transactions you wish to review by setting review thresholds based on debits, credits, company ID and dollar amounts.
- Initiate ACH and wire payments under dual control, with one person originating the transaction and a separate individual authorizing (approving) the transaction before it is sent.
If you believe you are the victim of fraud or suspicious activity, call Bank of the West immediately at 1-800-488-2265.
To report a lost or stolen credit card, call us at 1-800-996-2638.
IIf you've received a suspicious email, let us know by emailing us at:
Need more information on what to do in case of fraud?
Report Fraud or Suspicious Activity >