• Fraud Resource Centre

     

  • By Working Together, We've Got Security Covered

    Every business is exposed to the risks of fraud. Unfortunately this is the reality of modern business and especially so when you operate online. Silicon Valley Bank invests in fraud prevention systems and implements several security measures to protect our clients.

    There are, however measures that you can implement into your processes that can help you minimise the risks of your company becoming the victim of fraud.

    Trusteer Rapport

    As hackers become more sophisticated, businesses face increasing challenges in creating a secure online environment. Silicon Valley Bank is helping clients meet these challenges through a combination of client education, improved processes, and technological solutions. As part of these efforts we now offer Trusteer's Rapport® software as a free download for online banking clients as part of a comprehensive security plan to minimise risk.



    Please note: To ensure effectiveness, installation of Rapport must be made by your local administrator or network system administrator. After installation, log in with your Rapport enabled browser and change your password.

    What is Rapport?

    Rapport works alongside your existing firewall and antivirus solutions to provide added protection to your online banking session. Rapport creates a secure tunnel between your keyboard and your online banking to minimise the risk of your information being captured by an outside party.

    Why Use Rapport?

    • Rapport is free for you as a client of Silicon Valley Bank, is easy to install, and has an unintrusive user interface.
    • Rapport enhances the security of the browser when you connect to online banking by verifying that the connection with the Web site is direct and encrypted to prevent "Man in the Middle" attacks.
    • Rapport validates the Web site you see is really hosted by Silicon Valley Bank, thereby reducing risk of sending information to phishing sites.

    What is the User Experience?

    • The interface with the user is designed to be as simple as possible. An icon is added to your browser.
    • When you connect to online banking the icon in the browser window will turn green.
    • When you visit sites that do not use Rapport the icon browser window will remain grey.

    Learn More about Trusteer's Rapport

     

    Physical Security

    Physical security is perhaps the most visible area where you can see how sensitive data could be stolen. Sometimes it is as simple as ensuring that sensitive documents aren't easily accessible to everyone.

    • Always shred and destroy confidential company documents when they are no longer required.
    • Store hard copies of any sensitive documents in a securely locked place.
    • Protect your corporate identity; store letter headed paper, business cards and cheques in a safe place where only authorised employees can access them.
    • Never leave sensitive documents on the printer.
    • Ensure that your post is delivered to a secure place and is not accessible anyone other than employees.
    • Verify visitors to your premises and never leave them unattended.
    • Operate a clear desk policy at the end of each day.
     

    PC / Laptop Security

    It is vital to ensure that you protect your personal computer or laptop from viruses and malware that can be inadvertently downloaded whilst online. There are a number of ways that you can do this.

    • Make certain you have enabled the firewall on your operating system, e.g. Microsoft Windows, Chrome, MAC, etc.
    • Ensure that you have up to date anti-virus software running.
    • Utilise the added security features available within your online banking, such as e-mail alerts, keyboard login or the virtual slider.
    • Always choose the option to have daily automatic updates on your operating system, antivirus software and browser. This will ensure you always have the latest version.
    • Regularly scan your PC/laptop using anti-virus software to ensure there are no malicious programs running.
    • Trusteer is a free to download anti-virus software which alongside your operating system firewall and anti-virus solutions provides added protection when online.
    • Call-to-Verify is an additional control for SVB Online Service users; it is an authentication tool which triggers a phone call to a nominated number to confirm when a high risk transaction is requested through your online banking.
    • Restrict downloading of non-essential software and disable the ability to plug in third party hardware such as memory sticks or external hard drives.
     

    Online Security

    Cybercrime is big business and is becoming a bigger and bigger problem. The best way to ensure your business stays safe is to understand the areas of risk and to implement policies that reduce or remove them.

    Passwords

    • All users should have separate user names and passwords. These should never be shared.
    • Use strong passwords that that have a combination of uppercase and lowercase, numbers and symbols and use different passwords for different applications.
    • Change passwords on a regular basis. Never reuse the same password.
    • Avoid passwords using date of birth, family, relative or pet names, etc; be cautious when selecting security challenge questions.
    • Do not write down usernames and passwords.
    • All PC's should be locked when they are not in use.
    • A password should be required after a period of inactivity.

    General surfing

    • Always log out when you finish with an application and close down the browser.
    • If possible consider using one PC for online banking purposes and a separate one for emails and surfing.
    • Shoulder surfing: be conscious of anyone watching you key in your password.
    • Social networking: to avoid ID theft, do not disclose confidential personal data, e.g. date of birth and restrict the privacy settings so they are not on public view.
    • Beware of Wi-Fi hotspots which are generally unsecure. When using a hotspot be aware that others may be able to see what you are doing. Consider using a VPN connection which will ensure that your activity is encrypted.
    • Do not click inside pop-up windows unless they are from a trusted website; they may contain links to malware sites.

    Emails

    • Phishing: be aware of suspicious emails from unknown email addresses; never disclose personal information; an email that offers something that appears too good to be true probably is.
    • Delete emails from unknown email addresses and never click on any links or attachments within these emails.
     

    Wireless Network

    Wireless networks are convenient, but vulnerable if not implemented properly. The best way to protect your wireless network is to understand how it works and to be familiar with the security features of your router.

    • Secure your wireless network using the built-in encryption on the router.
    • Change the default administrator password and default network name, called the SSID, on your wireless router. Default passwords and network names for most Internet devices are easily available on the Internet. This makes them easy targets for intruders.
    • If you do not need your wireless network at all times, turn it off when not in use. No one can access your network when it is off.
     

    Internal Control Environment

    Introducing internal controls is vital to reduce the risk of internal and external fraud. Managing the levels of responsibility employees have is an effective way of reducing the fraud risk.

    Employee awareness

    • Employees should understand the importance of information security.
    • Educate your employees to the risks of fraud.
    • Make sure that all employees know how to respond when fraud does occur to minimise any losses.

    User access

    • Each user should have an individual user ID and password.
    • Restrict the level of access that individual users have according to their responsibilities.
    • Regularly review employee physical and system access to ensure it is still relevant to their role and if it isn't then it should be adjusted.
    • Implement controls that ensure online activity is subject to initiator and separate approver activity; to ensure there is dual control and a segregation of duties.

    Account checks

    • Introduce processes to ensure that account balances and statements are checked on a regular basis.
    • Reconcile accounts on a regularly in order to spot any anomalies.

    Audit trail

    • Ensure that with every system or process there is a record of what system has been accessed; ideally this would include a time stamp and a detailed list of what operations a user has performed.

    Information Security

    • Robust controls and policies should be in place to protect information security.
    • Back up data files to ensure that they are retrievable in the event of a security breach.
     

    Card Security

    Debit and credit cards are now an irreplaceable part of our daily lives. Unfortunately they are also the easiest targets for a fraudster to extract money from your business. Here are some simple tips to help prevent your card details getting in to the wrong hands.

    Internet transactions

    • Only transact on websites with 'https' in the address bar; the 's' means the webpage is secure.
    • Only enter your card details on a webpage if you see a padlock symbol at the bottom of your browser. This is another indication that the site if secure.
    • Register your card with MasterCard SecureCode or Verified-by-Visa. These enhance the online security of your card by requesting digits from a pass code to protect against unauthorised internet transactions at participating online retailers.

    ATM's

    • Always hide your PIN and beware of people looking over your shoulder when using an ATM.
    • Try to use ATM's in well lit public areas and if possible covered by CCTV.
    • Do not use any ATM's that appear to have been tampered with or damaged, e.g. signs of sticky residue over the key pad.

    PIN

    • Never write down your PIN.
    • Never disclose your PIN to anyone.

    Corporate cards

    • Regularly reconcile statements for cards in order to make sure there are no unauthorised transactions.
    • Ensure you have assigned credit or transaction limits for dedicated card holders within your business.
    • Cancel any cards for any employees no longer with the business.
    • Review the requirement for employees to have cards if they do not use them.
    • Never let your card out of your sight when making a payment.
     

    Cheque & Payments

    Making payments to your clients is a critical part of your business; it is important you do so securely. Here are some tips to help you manage how you make payments.

    Cheque payments

    • If you issue a cheque ensure the destination address is accurate, sent securely and the recipient receives it timely. Advise SVB immediately if a cheque is lost.
    • Do not hold more cheque books than necessary.
    • Keep cheque books locked securely and if possible under dual control.
    • Consider who has authority to sign cheques on your business and review regularly.
    • Never sign a blank cheque.
    • Verify documentation that has been presented to support a cheque being issued.
    • Ensure a cheque is payable to the correct payee.

    Payments

    • Validate with your client their bank details prior to making a payment.
    • Authenticate requests with your clients who notify you they have changed bank or business information.
    • Check payroll data is accurate and for employees only.
    • For larger payments confirm with the beneficiary that they have received the payment.
     

    Internal Fraud

    Fraud and theft is not just the threat from external activity. Ensuring you implement, maintain and control risk internally can help mitigate the threat of internal fraud. Here are some tips to help you mitigate internal fraud and theft.

    Recruitment

    • Obtain documentary evidence from potential new employees; name, address, right to work and photographic identification.
    • Obtain and validate references.
    • Validate qualifications.
    • Check fraud prevention and credit reference agencies.
    • Consider enhanced pre-employment screening checks; particularly for higher risk roles.

    Internal fraud indicators

    • A reluctance to take sustained periods of annual leave by an employee.
    • Changes in behaviour or lifestyle.
    • Indications of financial difficulty.
    • Client concerns regarding missing paperwork or transactions.

    Promote a culture of fraud awareness and adopt a zero tolerance policy towards employee fraud.

    General

    Keep us updated

    Tell us immediately when any business details change, i.e. name, address or telephone number. Inform us if you are going to make a large or out of the ordinary transaction to ensure it is not blocked by our fraud prevention system.

    Be alert

    As long as you are aware of the risks you can protect yourself and your business. Stay up to date; the fraud awareness section of the Silicon Valley Bank website is a good source of information.

    Act quickly

    If you think you have been the victim of fraud you should act quickly to minimise the losses. Inform the fraud department of Silicon Valley Bank immediately.

    How To Report Fraud

    If you see a transaction you do not recognise contact us immediately on our fraud reporting number 0800 023 1441 (24 hours a day)