Online Banking Fraud Prevention Best Practices
The following are Vista Bank’s recommendations for securing computer systems used for online banking:
- Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer.
- Never provide sensitive or personal information in response to an e-mail message, even if it appears to be from your financial institution. If you are uncertain whether they have actually requested this information, contact them by telephone.
- Never send confidential banking information to anyone using regular email.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
- Create a “strong” password with at least 10 characters that includes a combination of mixed case letters, numbers, and special characters.
- Use a different password for each website that is accessed.
- Change your password a few times each year even if the website does not require it.
- Never share username and password information for Online Services with third-party providers.
- Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Ensure virus protection and security software are updated regularly.
- Ensure computers are patched regularly particularly operating system and key application with security patches. It may be possible to sign up for automatic updates for the operating system and many applications.
- Consider installing spyware detection programs.
- Clear the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version you are using. This function is generally found in the browser’s preferences menu.
- Verify use of a secure session (https not http) in the browser for all online banking.
- Avoid using an automatic login features that save usernames and passwords for online banking.
- Disable auto-complete features on your computer.
- Never leave a computer unattended while using any online banking or investing service.
- Never access banking or other financial services information at Internet cafes, public libraries, or other unsecured public wireless systems. Unauthorized software may have been installed to trap account number and sign on information leaving you vulnerable to possible fraud.
- Immediately escalate any suspicious transactions to us, particularly ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent further loss.
For Our Business Customers:
- Carry out all online banking activities from a stand-alone, hardened, and completely locked down computer system from which e-mail and Web browsing are not possible.
- Stay in touch with other businesses to share information regarding suspected fraud activity.
- Prohibit the use of “shared” usernames and passwords for online banking systems.
- Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses.
- Obtain professional advice about securing access to your computer.