Security & Fraud Prevention

• Do not use your Social Security number as a username or password. Change your usernames and passwords regularly and use combinations of letters, numbers, and special characters such as # and @. Do not use your online banking username and passwords as credentials for other online accounts.
• Protect your online passwords. Don’t write them down or share them with anyone.
• Use secure websites for transactions and shopping. Shop with merchants you know and trust. Make sure Internet purchases are secured with encryption to protect your account information. Look for “secure transaction” symbols like a lock symbol in the lower right-hand corner of your web browser window, or “https://…” in the address bar of the website. The “s” indicates "secured" and means the web page uses encryption.
• Always log off from online banking and any website after using your credit or debit card, or other sensitive information. If you cannot log off, quit your browser to prevent any potential unauthorized access to your account information.
• Quit your browser when you’re not using the Internet.
• Be cautious when using public hotspots and consider your Wi-Fi auto-connect settings.

• Be wary of suspicious emails. Never open attachments, click on links, or respond to emails from suspicious or unknown senders.
• If you receive a suspicious email that you think is a phish, do not respond or provide any information.
• Banks, other financial institutions and regulators will never initiate email inquiries asking for personal or account information for confirmation, security, verification or any other purpose.

When you use a mobile device for browsing, keep these tips in mind:

• Use the keypad lock or phone lock function on your mobile device when it is not in use. These functions password-protect your device and make it more difficult for someone else to view your information. Also be sure to store your device in a secure location.
• Frequently delete messages from your financial institution, especially before loaning, discarding, or selling your mobile device.
• Never disclose via text message, phone call or email your personal or financial information, including account numbers, passwords, Social Security number or birth date.
• Applications are programs you can download to your mobile device. Applications or “apps” that let you monitor your finances and conduct certain transactions are increasing in popularity.
• To ensure the safety of your personal and account information, only download mobile apps from reputable sources.
• For added security, sign off when you finish using apps rather than just closing it.

• Use a current web browser.
• Avoid downloading programs from unknown sources.
• Keep your computer operating system up to date to ensure the highest level of protection.
• Install a personal firewall on your computer.
• Install, run and keep anti-virus and other software updated.
• Turn your computer off completely when you are finished using it – don’t leave it in sleep mode.
• Conduct online banking activities on secure computers only. Public computers (computers at internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.
• Ensure your computer software and plug-ins are current. Before downloading an update to your computer program, first go to the company’s website to confirm the update is legitimate.

Strategically structure your business banking accounts and implement monitoring to minimize the risk of fraud and theft. Protect your business assets with preventative measures that allow you to identify fraudulent activity proactively. Avidbank's experienced team will work with you to establish proven, sound practices to minimize the risk of fraud including account segregation and daily account monitoring.

Segregating payment and transaction activities across multiple accounts is a treasury best practice used to minimize fraud. Designate separate bank accounts for payments to vendors and receipts from customers, for example, to avoid disruption to your revenue stream in the event one of your accounts is compromised. By segregating accounts, you can also create accounts for discrete company functions and limit account access, making suspicious activity easier to identify. Account segregating best practices include:

• Segregate accounts by type (payables and receivables).
• Segregate accounts by function (payroll and operations).
• Segregate accounts by payment method (ACH, check, wire).
• Set appropriate permissions, access or entitlements on accounts.

Streamline operations and reduce exposure to errors and check fraud with account review and formal reconciliation. Best practice recommends daily monitoring and account review using either a manual process or an automated solution. At a minimum, reconcile accounts monthly to limit irregularities and ensure accounts are current. The following are additional account best practices:

• Minimize the amount of cash subject to payments fraud by moving excess cash from operating accounts to investment accounts.
• Secure check payments with Positive Pay account services.
• Outsource checking printing and strictly control check stock.
• Enable account alerts for outgoing transactions.

Internal controls and processes are the foundation of a secure organization. By establishing this security base early on, your company can grow with a universal understanding of the policies. Building companywide best practices and communicating them can lower the risk of internal fraud, stolen funds or intellectual property, and data loss from compromised systems.

Minimize the risk of fraud or human error by involving several employees in the process of a single transaction -– from initiation through settlement to reporting. With numerous people involved, you can ensure that no single person has the opportunity to both commit and conceal fraud. Even small businesses should assign different employees to perform the front- and back-office activities. Some best practices for segregating employee duties include:

• Ensure appropriate checks and balances with formalized internal processes.
• Assign separate employees for initiation and approval of payments.
• Separate your accounting team.
• Set up discrete account and security permissions and access.

We recommend that your business set up strong employee controls and vendor master file access policies in accounts payable to minimize fraud. Ensure that your employees follow clear, established practices to minimize risk of losing funds to imposter or accounts payable fraud incidents. Additional accounts payable best practices include:

• Use out-of-bank authentication to secure account access and payment approvals.
• Limit employees who can add new vendors or edit the master vendor file.
• Segregate duties so different employees are handling billing, payment processing and check signing.
• Require vendors to provide a Form W-9 before their first invoice is paid.

• Review online banking activity and entitlement reports regularly.
• Do not allow ID sharing, even for view-only. Employees should use their own credentials.
• Adopt strong passwords and change them frequently.
• An industry best practice is out-of-bank authentication because it provides a second layer of authentication in the event of unauthorized access to your online credentials.

• Establish reliable internal controls for including secondary review and dual approval processes.
• For high-value payments or nonstandard beneficiaries, confirm payment instructions over the phone.
• Verbally confirm changes to payment instructions over the phone with a know party.
• Utilize alerts to stay up-to-date on account activities.

Paper checks are sometimes necessary. Implement these fraud prevention best practices to lower risk of theft:

• Minimize check fraud with Positive Pay services in place on all accounts.
• Limit manual check writing, loss of check stock, or theft from unauthorized check writing by utilitizing a check issuance service.
• If you receive checks from your customers, use an automated wholesale lockbox to secure payments when received.
• Use reputable sources to purchase paper check stock.
• Store all check stock, deposit slips and bank statements using security measures.
• Indicate a "No Checks" restriction on business accounts that will not issue checks.

• Report any fraudulent activity on your Avidbank accounts by calling us at 650-843-2265.
• Review activity on all accounts, including your checking, savings, credit card, debit card, loans and online banking. Look for changed addresses.
• Close accounts that have been breached and reopen them with new account numbers, passwords and PINs.
• Change your online banking username and password.

• Equifax: 1-800-525-6285 or www.equifax.com
• Experian: 1-888-397-3742 or www.experian.com
• TransUnion: 1-800-680-7289 or www.transunion.com
• Place a “fraud alert” on your credit file.
• Request a free copy of your credit report.

• Contact credit card companies, utility providers, banks, lenders and financial institutions.
• Follow up phone conversations with a letter or email.
• Close accounts that have been breached and reopen them with new account numbers, passwords and PINs.

• A police report will lend credibility to your case when dealing with creditors who may require proof of criminal activity.

• Call 1-877-ID THEFT (1-877-438-4338) to speak with a trained identity theft counselor.
• You can also file your complaint online at www.consumer.gov/idtheft.

• Notify the Postal Inspection Service if you believe your mail was stolen or redirected: www.usps.com.
• Call the Social Security Fraud Hotline if you suspect someone is using your Social Security number for fraudulent purposes: 1-800-269-0271.
• Contact your local Department of Motor Vehicles office if you believe someone is trying to get a driver’s license or identification card using your name and information: www.dmv.org.

• Because identity theft can take time to completely resolve, carefully review all charges and transactions appearing on account statements and online banking.
• Report any discrepancies immediately.