Online security is not only a concern for personal banking transactions, but for business banking as well. Fortunately, there are financial standards in place to help banks and their business customers make online banking safe from unauthorized funds transfers.
Understanding Business Banking Risk
The Federal Financial Institutions Examination Council (FFIEC) reports there have been significant changes in the threat landscape for businesses in recent years. Experienced fraudsters, often part of organized criminal groups, continue to develop more sophisticated means of account hijacking and accessing customer information. Commercial accounts carry an increased level of risk because of their transaction frequency and their comparatively higher dollar amounts than average consumer transactions.
Security Recommendations for Business Accounts
Business account holders should take the following steps to help combat fraud:
- Conduct periodic assessments of their internal controls.
- Use layered security for system administrators.
- Initiate enhanced controls for high-dollar transactions.
- Provide increased levels of security as transaction risks increase.
- Offer customers multi-factor authentication.
Security Plans Implemented by Banks
Financial institutions are advised to utilize security controls that are consistent with the increased level of risk for business transactions. Preventive controls may include requiring additional authentication or sending an immediate transaction verification notice to the account holder.
Layered Security Measures
Banks use single and multi-factor account authentication and layered security when necessary. Layered security refers to using different controls at different points in the transaction process. Through this process, banks can authenticate customers more accurately, respond to suspicious account activity more efficiently and reconfirm authentication for future transfers. For business accounts in particular, enhanced controls for system administrators may be offered, such as setting access rights and limitations on transaction dollar amounts.
Additional verification procedures or layers of control include:
- Fraud detection and monitoring systems for customer history and behavior.
- Dual customer authorization through different access devices.
- Debit blocks and other techniques to appropriately limit the transactional use of the account.
- Transaction value thresholds, including the number of transactions per day and payment windows.
- Policies and practices for addressing customer devices identified as potentially compromised and customers who may be facilitating fraud.
- Account maintenance controls over activities performed by customers, either online or through customer service channels.
If you are a business account holder who suspects fraudulent activity, contact us today!