Fraud Prevention Best Practices
The unfortunate truth is fraudsters and cybercriminals are out there. We must make protecting ourselves and our businesses part of our daily routines. Below are pro tips and best practices First National has developed over more than 100 years of overcoming fraud in Alaska and nationwide.
Pro tips for fraud prevention
- Choose strong passwords that are at least eight characters and contain numbers, lower and upper case letters, and special characters. Do not use the same passwords between websites, and do not share your password with others.
- Protect your devices from malware by keeping your software up-to-date and running updated anti-virus software if appropriate.
- Control physical access to your computer or mobile device to prevent unauthorized access to your online accounts and prevent the possibility of malicious software, such as key loggers or tracking software, from being installed. Use a password to lock your computer or mobile device.
- Do not provide personal information by email, text, or phone call. First National will never contact you and ask for passwords or personal account information.
- Never give out your personal or business account information over the phone unless you initiate the call to a trusted source.
- Safeguard your paper trail by enrolling in online banking and e-statements.
- Protect your online environment. Do not use unprotected internet connections such as public wifi.
- Be social media aware. When using social media platforms, never give our private or financial information.
- Report fraud immediately - Reporting fraud in a timely manner can help minimize the impact and may lessen your personal liability.
Business best practices
Gain peace of mind - proactively protect your accounts by following these best practices.
Secure access
- Access Business Online Banking at FNBAlaska.com or through your FNBizApp.
- Never click a link in an email or text to sign into FNBAlaska.com. First National will never ask you to log in through an unprompted link.
- Use strong passwords, and never share your usernames and passwords.
Know your employees
- Perform credit and background checks on employees with access to accounts, account records and cash.
- Call at least three references to verify information when hiring new employees.
- Delete or disable former employees from critical systems.
- Build an internal verification process when changing direct deposit information. Validate updates directly with the employee.
Know your vendors
- Verify all requests for changes to payment instructions or other information using a different channel of communication than the one used by the requestor.
- Build a validation process internally prior to updating any settlement accounts.
- Contact company executives directly to verify their requests using contact information already on file. Do not use the information provided by the requestor.
- Reconcile vendor payments to their paid invoices or outstanding balances.
- Beware of red flags such as false urgency, confidential requests, or unrecognized email domains.
Protect your login information
- Make sure your employees have unique usernames and passwords.
- Periodically verify employee contact information is up to date so notifications and validation codes are not sent to outdated emails and phone numbers.
- Ensure users have the appropriate level of authorization and access for their job duties.
Manage issued checks
- Maintain internal check registers and provide updated Positive Pay files to your bank.
- Update registers daily or based on the frequency of check issuance.
Dual custody
- Create a dual custody process for updating payment instructions.
- Use dual custody to verify payment details before they are sent.
- Verify transactions both before initiating and during approval.
- Verify payment requests received by email are authentic by calling a known number for the vendor
- Require dual signature for high dollar transactions.
- Have two or more employees monitor Positive Pay and ACH Fraud exception items.
Separate duties
- Split check writing and reconciliation duties.
- Rotate employees in financially sensitive assignments.
Control check stock
- Store all check stock, deposit slips, check-writing equipment and other sensitive documents in a locked space.
- Minimize personnel responsible for handling check stock orders and periodically rotate their duties.
- Change locks and combinations when an authorized employee leaves the company.
- Periodically review inventory checks and shred outdated or unused stock.
- Mail checks immediately after signing.
Monitor account activity
- Review transactions and balances daily to help detect unusual or suspicious activity.
- Report any unauthorized ACH transactions immediately.
- Report errors immediately.
- Compare the payee name on checks with the payee names listed on your check register. Ask about our Positive Pay service to mitigate check fraud.
Conduct surprise audits
- Perform unscheduled audits to deter employees from committing fraudulent activities. Most embezzlement is a crime of opportunity.
Fraud education
- Inform employees about current fraud trends, including but not limited to:
- Business email compromise (BEC)
- Imposter fraud
- Phishing - fraudulent emails and links
- Vishing - fraudulent phone calls or texts
- Spear phishing - phishing attacks targeting an individual or group
- ACH Fraud
- Check and Check Payee fraud
- Avoid impersonation fraud by maintaining an open environment and allowing staff to question unusual transactions.
Information Technology (IT)
- Shield networks from unauthorized access.
- Do not allow external devices to plug into any USB ports.
- Back up important data and test backups regularly.
- Regularly update systems and programs.
- Use multi-factor authentication.
- Ensure you are PCI-compliant.
Immediately notify First National of any compromised accounts or suspected fraud.
Protect yourself and your business from fraud
Our team stands ready to help you safeguard your business.