What is Corporate Account Takeover?
Corporate Account Takeover is an evolving electronic crime typically involving the exploitation of businesses of all sizes, especially those with limited computer safeguards and minimal or no disbursement controls for use with their bank’s online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to their computer systems to steal confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Municipalities, school districts, large non-profit organizations, corporate businesses, and any customers that perform electronic transfers are potential targets. Losses from this form of cyber-crime range from the tens of thousands to the millions, with the majority of these thefts not fully recovered. These thefts have affected both large and small banks.
This type of cyber-crime is a technologically advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime, including circumventing one-time passwords, authentication tokens, and other forms of multi-factor authentication. Awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, because banks depend on the sound computer and disbursement controls of their customers, there is no single measure to stop these thefts entirely. Multiple controls or a “layered security” approach is required.
Basic Online Security Practices
- Education is Key – Train your employees
- Secure your computer and networks
- Limit Administrative Rights – Do not allow employees to install any software without receiving prior approval.
- Install and Maintain Spam Filters
- Surf the Internet carefully
- Install and maintain real-time anti-virus and anti-spyware software, a desktop firewall, and malware detection and removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
- Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
- Install security updates (patches) to operating systems and all applications as they become available.
- Block Pop-Ups
- Use strong password policies
- Do not open attachments from e-mail – Be on the alert for suspicious email
- Do not use public Internet access points
- Monitor and Reconcile Bank Accounts Daily, especially near the end of the day
- Note any changes in the performance of your computer: dramatic loss of speed, computer locks up, unexpected rebooting, unusual popups, etc.
- Make sure that your employees know how and to whom to report suspicious activity at your Company and the Bank
- We recommend our commercial online banking customers perform a related risk assessment & controls evaluation periodically
Contact the Bank if you:
- Suspect a fraudulent transaction
- Are trying to process an ACH batch and receive a maintenance page
- Receive an email claiming to be from the Bank that requests personal/company information
Incident Response Plans
Since each business is unique, customers should write their own incident response plan. A general template would include:
- The direct contact numbers of key bank employees (including after hour numbers);
- Steps the account holder should consider to limit further unauthorized transactions, such as:
  - Changing passwords;
  - Disconnecting computers used for Internet banking; and
  - Requesting a temporary hold on all other transactions until out-of-band confirmations can be made;
- Information the account holder will provide to assist the bank in recovering their money;
- Contacting their insurance carrier; and
- Working with computer forensic specialists and law enforcement to review appropriate equipment.
Resources for Business Account Holders
- The Small Business Administration’s (SBA) website on Protecting and Securing Customer Information: https://www.sba.gov/managing-business/cybersecurity
- The Federal Trade Commission’s (FTC) interactive business guide for protecting data: https://www.ftc.gov/tips-advice/business-center/guidance/careful-connections-building-security-internet-things#Start
- The National Institute of Standards and Technology’s (NIST) Fundamentals of Information Security for Small Businesses: https://csrc.nist.gov/publications/detail/nistir/7621/rev-1/final
- The jointly issued “Fraud Advisory for Businesses: Corporate Account Takeover” from the U.S. Secret Service, FBI, IC3, and FS-ISAC available on the IC3 website: https://www.ic3.gov/Media/PDF/Y2010/CorporateAccountTakeOver.pdf
- NACHA – The Electronic Payments Association’s website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers: http://www.nacha.org/c/Corporate_Account_Takeover_Resource_Center.cfm
|FACTS||What does Sicily Island State Bank do with your personal information?|
|Why?||Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.|
|What?||The types of personal information we collect and share depend on the product or service you have with us. This information can include:
|How?||All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Sicily Island State Bank chooses to share; and whether you can limit this sharing.|
|Reasons we can share your personal info||Does Sicily Island State Bank Share?||Can you limit this sharing?|
|For our everyday business purposes: such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus|
|For our marketing purposes: to offer our products and services to you|
|For joint marketing with other financial companies||No||We don't share|
|For our affiliates' everyday business purposes - information about your transactions and experiences||No||We don't share|
|For our affiliates' everyday business purposes - information about your creditworthiness||No||We don't share|
|For nonaffiliates to market to you:||No||We don't share|
What We Do
|How does Sicily Island State Bank protect my personal information?||To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. We also maintain other physical, electronic and procedural safeguards to protect this information and we limit access to information to those employees for whom access is appropriate.|
|How does Sicily Island State Bank collect my personal information?||We collect your personal information, for example, when you:
|Why can't I limit all sharing?||Federal law gives you the right to limit only
|Affiliates||Companies related by common ownership or control. They can be financial and non-financial companies.|
|Nonaffiliates||Companies not related by common ownership or control. They can be financial and non-financial companies.|
|Joint Marketing||A formal agreement between nonaffiliated financial companies that together market financial products or services to you.|
Other Important Information
For Alaska, Illinois, Maryland and North Dakota Customers. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing - without your authorization.
For California Customers. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing - without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with all California privacy laws that apply to us.
For Massachusetts, Mississippi and New Jersey Customers. We will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing - without your authorization.
For Vermont Customers. We will not share personal information with nonaffiliates for them to market to you without your authorization and we will not share personal information with affiliates or for joint marketing about your creditworthiness without your authorization.
SICILY ISLAND STATE BANK
P.O. Box 68
SICILY ISLAND, LA 71368
You provide important information about yourself when you do business with our financial institution. This information is important because it helps us get a better picture of your needs, provide better service, and complete our transactions more effectively. The federal agencies’ Regulation P requires us to inform you of the types of information we collect, as well as how and with whom we share the information.
Below are definitions of terms we use followed by an outline of our information sharing policy:
We, our and us means Sicily Island State Bank. You and Your means the following types of customers:
All of our consumer customers who have a continuing relationship with us, such as:
- Deposit Account
- Loan Account
- Safe deposit box
- Individual Retirement Account
- Credit Card
Nonpublic Personal Information: Information about you that we collect in connection with providing a financial product or service to you. Nonpublic personal information does not include information that is available from public sources, such as telephone directories or government records.
Affiliate: A company we own or control, a company that owns or controls us, or a company that is owned or controlled by the same company that owns or controls us. Ownership does not mean complete ownership, but means owning enough to have control.
Nonaffiliated Third Party: A company that is not an affiliate of ours.
- CATEGORIES OF INFORMATION WE COLLECT
We collect nonpublic personal information about you from the following sources:
- Information we receive from you on applications or forms;
- Information about your transactions with us, our affiliates or others;
- Information we receive from a consumer reporting agency;
- Information about your transactions with nonaffiliated third parties.
- CATEGORIES OF INFORMATION WE DISCLOSE
We do NOT disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted by law.
- CONFIDENTIALITY AND SECURITY
We restrict access to nonpublic personal information about you to “those employees who need to know that information to provide products or services to you.” We maintain physical, electronic and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.
If you have any questions or concerns about the security of your account information, please contact us.
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
How do thieves steal an identity?
Identity theft starts with the misuse of your personally identifying information such as your name and Social Security number, credit card numbers, or other financial account information. For identity thieves, this information is as good as gold.
Skilled identity thieves may use a variety of methods to get hold of your information, including:
- Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
- Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
- Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
- Changing Your Address. They divert your billing statements to another location by completing a change of address form.
- Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access.
- Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources.
For more information on Identity Theft, visit one of the following sites. Education is the key to protecting yourself from Identity Theft.
The First Line of Defense
Understanding the risks and knowing how fraudsters might trick you is a critical step in protecting yourself online. Here are some threats to watch for:
Phishing: Lures you to a fake website (one that looks like a trusted financial institution, for example) and tricks you into providing personal information, such as account numbers and passwords.
Pharming: Similar to phishing, pharming seeks to obtain personal information by directing you to a copycat website where your information is stolen, usually from a legitimate-looking form.
Smishing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as card number, CVV2 (last 3 digits on the back of your card), or PINs. The text message may contain either a website address or a phone number that connects to an automated voice response system, which then asks for personal information. SISB staff members or business partners will never ask you for your CVV2 or a PIN.
Malware: Short for malicious software and often included in spam emails, malware can take control of your computer without your knowledge and forward your personal information, such as IDs, passwords, account numbers and PINs, to fraudsters. Make your computer safer by installing and regularly updating your anti-virus and anti-malware programs.
For more information on these types of fraud, please click on the links listed below.
Lost or Stolen Card?
Call 1 (844) 202-5333