
In light of the July 6 decision
by the U.S. Federal Court of Appeals for the First Circuit regarding a bank's
liability when cyber fraud occurs, IBAT, with endorsed service provider Dell
Secureworks, has prepared five tips for banks to share with their business
customers to prevent corporate account takeover (CATO) and other types of cyber
fraud.

- Use a computer that is dedicated only to handling online banking and bill pay.
  That computer or virtualized desktop would not have any other capabilities,
  such as sending and receiving emails or surfing the Web, since Web exploits and
  malicious email are two of the key malware infection vectors.
- Online computer users should avoid using weak or default passwords for any online site
  and should refrain from using the same password for multiple sites.
  Use a "password manager" to put all your passwords in one database and avoid
  using the same password for more than one website.
- Institute and enforce a centralized plan for keeping computer applications, operating
  systems and security software updated. Make sure servers and workstations
  are fully patched promptly and regularly.
- Implement a robust Intrusion Prevention Solution (IPS) to defend against cyber threats.
  An IPS provides policies and rules to block suspicious network traffic such as
  Web exploit kit attacks, SQL injection attacks, and banking Trojans that infect
  computers and steal data that allow intruders access to your banking accounts.
- Before clicking on links or attachments in emails, always verify that the
  correspondent sent you the email with the link or attachment. Hackers are
  known for breaking into email accounts and sending malicious links and
  attachments. Verify with the sender to confirm the links or attachments are
  safe to click or open.

Also, please refer to the earlier guidance by
the FFIEC, a webinar
conducted by the Texas Department of Banking and the Texas
Bankers Electronic Crimes Task Force - Best Practices Reducing the Risks of
Corporate Account Takeovers as resources to help protect your customers
from fraud. CATO is just one of the many IT security topics that will be
discussed at IBAT's IT
Security Summit on August 9.