There are online and mobile banking best practices you can implement to help decrease your business’s risk of falling victim to fraud. These include:
- Verifying the validity of payment changes or requests for payment that you may not be expecting.
- Incorporating best practices such as password security and ensuring employees are only provided rights to online and mobile banking as required.
- Enrolling in Positive Pay and alerts to add an additional layer of review before payments are made.
Adding these levels of defense within your online and mobile banking environment can help reduce the number and severity of incidents that may occur.
Include all employees
Everyone at every level of your business plays a crucial role in helping prevent fraud. Your IT team, if you have one, can help ensure your computer systems are secure and up to date. But cyberattacks begin in many other ways, including through simple human error — an employee being tricked by an email, phone call, or text message from a cybercriminal.
It’s important for all employees, but especially users of INTRUST Business Online and Mobile Banking, to be aware of the ways in which attackers can attempt to gain sensitive information and trick or force an employee into taking an action (such as authorizing a fraudulent payment). When employees are aware, they are better equipped to treat requests with caution, take time to verify them, and follow best practices that decrease the risk of fraud.
Train your employees to identify social engineering
While you and your employees may, in many ways, be your company’s greatest asset, you can also quickly become a liability by unknowingly acting as the access point to your financial accounts and information. That’s because cybercriminals know that while computers can be difficult to manipulate, humans are much more susceptible to deception.
Most commonly, these scammers will send phishing emails that include an unauthorized request for a funds transfer or a link that, when clicked, will install malicious software on the recipient’s computer. To learn more about phishing, how to spot it, and how to avoid becoming a victim of phishing scams, review our article on business email compromise.
Verify requests
One of the most effective ways to identify and avoid a social engineering attempt is through verification. Here’s how:
- When you receive a non-routine request for a payment via email, take the time to contact the individual or business requesting the payment to verify the request is legitimate.
- You may contact the requester by phone or email, but do not call any phone number included in the original email request, and do not reply directly to the email you received.
- Instead, find an alternate phone number or email that you know is legitimate to contact the requesting party and check that the request is valid.
While verification does add an extra step in the process and increases the amount of time it takes to process payments, it may save you and your business from losing even more if the request is fraudulent.
If you are unable to verify a request before making a payment from one of your INTRUST accounts and believe that you are the victim of fraud, it’s important to report it immediately. The sooner we are aware of a potential compromise, the more likely we will be able to intervene.
Share these general online security tips
Here are a few additional online security tips to pass along to your employees:
- Create strong passwords. Understand password best practices, including why it’s important to prioritize length over complexity.
- Verify links. Always double-check links before clicking. Read the URL closely and hover your mouse over it to make sure you recognize where it’s going to take you. Treat unsolicited emails and suspicious URLs with caution.
- Use HTTPS. Only visit websites with SSL/TLS certificates, which use the “https://” protocol for encrypted communication.
- Be mindful of personal information. Avoid sharing sensitive account information and details online or in an email.
- Stay educated. Read information about cybersecurity and evolving online threats to ensure you and your employees are prepared to make informed decisions.
- Install updates. Keep your software, apps, and devices up to date to ensure you fix any vulnerabilities.
Understand the supplemental tools available to you
While it is up to employees to be aware of the ways in which they can unintentionally aid fraud through business email compromise, there are also tools available within INTRUST Business Online and Mobile Banking that can help reduce a business’s exposure to other types of fraud, such as ACH and check fraud.
Check Positive Pay
Check Positive Pay provides early detection of fraudulent, altered, or counterfeit checks. Checks presented for payment are verified daily against a file that you provide to INTRUST Bank. Only checks that match the items in the file are automatically paid. If a check is presented that does not match, you receive an email alert detailing the exception. After reviewing the check, you can determine whether or not to pay it. Learn more about Check Positive Pay.
ACH Positive Pay
Similar to the way that Check Positive Pay prevents check fraud, ACH Positive Pay prevents unauthorized ACH activity on your business accounts. Based on rules that you define (for example, dollar thresholds or a predefined list of approved recipients), the ACH Positive Pay system determines which ACH transactions will automatically pay and which ACH debits will require your review to approve or reject. If a presented ACH debit transaction does not meet your predefined rules, you receive an email alert detailing the exception. You then decide if you would like to process the ACH payment. Learn more about ACH Positive Pay.
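The decision logic described in the Check Positive Pay and ACH Positive Pay sections above, sketched as an added example (this is not INTRUST's system or file format). The field names, the issue-file layout, the originator IDs and the rule shape are assumptions, and all sample data is constructed.

```python
from decimal import Decimal

# Constructed sample data; layouts and IDs are assumptions for illustration.
ISSUED_CHECKS = {"1001": Decimal("1250.00"), "1002": Decimal("310.45")}  # issue file
ACH_RULES = {"ORIG-UTIL": Decimal("500.00"), "ORIG-PAYROLL": Decimal("20000.00")}
PRESENTED = [
    {"number": "1001", "amount": "1250.00"},  # matches the issue file
    {"number": "1002", "amount": "3100.45"},  # altered amount
    {"number": "1001", "amount": "1250.00"},  # same check presented twice
    {"number": "1777", "amount": "900.00"},   # never issued (counterfeit)
]
DEBITS = [
    {"trace": "T1", "originator": "ORIG-UTIL", "amount": "420.10"},
    {"trace": "T2", "originator": "ORIG-UTIL", "amount": "4200.10"},
    {"trace": "T3", "originator": "ORIG-XYZ", "amount": "50.00"},
]

def review_checks(presented, issued):
    # Only exact matches against the issue file auto-pay; the rest need review.
    auto_pay, exceptions, seen = [], [], set()
    for item in presented:
        num, amount = item["number"], Decimal(item["amount"])
        if num in seen:
            exceptions.append((num, "duplicate presentment"))
        elif num not in issued:
            exceptions.append((num, "not in issue file"))
        elif issued[num] != amount:
            exceptions.append((num, "amount mismatch"))
        else:
            auto_pay.append(num)
        seen.add(num)
    return auto_pay, exceptions

def review_ach_debits(debits, rules):
    # A debit auto-pays only if its originator is approved and within its limit.
    auto_pay, exceptions = [], []
    for d in debits:
        limit, amount = rules.get(d["originator"]), Decimal(d["amount"])
        if limit is None:
            exceptions.append((d["trace"], "originator not approved"))
        elif amount > limit:
            exceptions.append((d["trace"], "over dollar threshold"))
        else:
            auto_pay.append(d["trace"])
    return auto_pay, exceptions
```

Each exception tuple corresponds to an item that would trigger an email alert and wait for a pay-or-reject decision.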
Alerts
Whether or not you take advantage of either of these Positive Pay tools, it is important that you consistently monitor ACH transactions, wire transfers, and bill payments within online and mobile banking. Look for suspicious activity on statements and verify the source of all debits.
If you are not regularly spending time in online or mobile banking, you can leverage alerts to notify you of important activity occurring on your accounts, including new ACH and wire payments, or a change to a user’s entitlements. Alerts can come in the form of email, desktop notification, or text messages and are available to all users. Select the alert method or methods that are most likely to catch your attention.
Entitlements and limits
Business Online and Mobile Banking provides comprehensive user management tools that are designed to give each user only the access they need to perform the responsibilities of their role. At the individual user level, company administrators can assign needed access and restrict access to all other accounts. For the accounts the user can access, your company admin can use ‘entitlements’ to select which tools (such as transfers, ACH origination or wire payments) the individual can use.
As another layer of risk mitigation, the admin should also set transaction-level and daily dollar ‘limits’ on the transactions each user is able to perform.
Keep your employees informed
If you have multiple users performing online banking functions, make sure they are properly trained and understand the importance of keeping your company’s information and banking activity secure. Regularly reviewing the best practices included in this article with your employees can help them understand how to spot a scam and what to do when they encounter one.
It’s also important that administrators take the time to routinely review your list of online and mobile banking users, including their entitlements and limits, to ensure they have the appropriate level of access.
Implementing these best practices can help you create and maintain a consistent workflow process for everyone across your organization, enhancing the security of your online accounts.
Posted: 10/01/2024