E-Banking Best Practices

From the list below, select the topic you are interested in for tips and best practices regarding electronic banking fraud protection and prevention:

Usernames and Passwords

  • Create a unique username and password to use to log in to Online Banking and Bill Pay.
  • Create a "strong" password with at least eight characters and a combination of mixed-case letters and numbers.  
  • Choose a different username and password for other logins, such as Facebook, Twitter, Gmail, retail stores, etc.
  • Never share your username (often called a User ID) or password with anyone within your company, at the Bank, or at a third-party provider.
  • Change your password frequently.
  • Avoid using an automatic login feature that saves your username and password.

Personal and Business Banking

    Do:

  • Review account balances, transaction details, and transfer history regularly (preferably daily) to confirm payments and other transaction data, and immediately report any suspicious activity to CapStone Bank.
  • Whenever possible, use Bill Pay instead of checks to limit access to your check stock and to facilitate electronic recordkeeping.
  • Sign up for and regularly view system alerts such as: balance alerts, transfer alerts, password change alerts, ACH alerts (for cash management users) and wire alerts (for cash management users).
  • Check the last login date/time during each visit. If the stated date does not look correct to you, contact CapStone Bank to report suspicious activity and review the account activity.
  • Designate dollar limits for business account transfers.
  • When you have completed an Online Banking session, "log off" as opposed to simply closing the browser window.
  • Review historical and audit bank statements regularly to confirm transaction activity.
  • Whenever possible, register your computer to avoid having to re-enter "challenge questions" and other authentication information with each login.

    Don’t:

  • Use public or other unsecured computers to log in to Online Banking.
  • Use account numbers, Social Security Numbers, or other account or personal information when creating account nicknames or other titles.
  • Leave a computer unattended while logged into/using Online Banking.  
  • Conduct banking transactions while multiple browsers are open on your computer.

Cash Management

  • Consider purchasing fraud insurance. Unlike personal accounts, commercial accounts are not federally protected from fraud losses. Ask your insurance provider about a rider to cover business account fraud, including employee embezzlement, cybercrime, and fraudulent transfers.

Automated Clearing House Batches (ACH)

  • Use pre-notifications to verify that account numbers within ACH payments are correct.
  • Establish dollar limits for transactions.
  • Review transaction reporting regularly to confirm activity.
  • Set account activity alerts.

Wire Transfers

  • Establish dollar limits for transactions.
  • Regularly review historic and audit reports to confirm transaction activity.
  • Set account activity alerts.
  • Don’t email wire requests to the Bank; business customers should use the Cash Management option through Online Banking and personal customers should call or come into the Bank.

Administrative Users

  • Limit administrative rights on users' workstations to help prevent inadvertent downloading of viruses or other malware.
  • Dedicate and limit the number of computers used to complete Online Banking/Cash Management transactions. Do not allow Internet browsing or email exchange on these computers and ensure the computers are equipped with the latest versions and updates of both antivirus and anti-spyware software.
  • Delete online usernames as part of the exit procedure when employees leave the company.
  • Assign dual system administrators for online ACH and wire services.
  • Establish transaction limits for employees who initiate and approve online payments such as ACH batches, wire transfers, and account transfers.
  • Do not share User IDs and passwords.

Phishing, Spyware and Malware

  • Install anti-virus and anti-spyware detection software on all computer systems. Free software may not protect against the latest threats as well as an industry-standard product; consult a trusted IT professional for guidance.
  • Regularly update all of your computers with the latest versions and patches of both anti-virus and anti-spyware software.
  • Ensure computers are updated regularly with security patches, particularly operating systems and key applications.
  • Install a dedicated, actively managed firewall, especially if you are using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
  • Check computer settings and select at least a “medium” level of security for browsers.
  • Clear the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive.
  • If an email claiming to be from CapStone Bank or an employee of CapStone Bank seems suspicious, call the Bank before responding or clicking on/opening any content.
  • Do not open email from unknown sources. Be suspicious of emails claiming to be from a financial institution, government agency, or anyone requesting account information, account verification, or banking access credentials such as usernames, passwords, personal identification numbers (PIN), and similar information. Opening file attachments or clicking on web links in suspicious emails could expose the computer to malicious code and thereby enable the computer to be hijacked.
  • Never respond to a suspicious email or click on any hyperlink embedded in a suspicious email. Call the stated source if you are unsure who sent an email.