Fraud prevention should be an integral part of every business strategy. It’s not just about stopping the bad guys; it’s about enabling your business to grow and evolve without unwanted – and costly – interruptions. Silicon Valley Bank offers preventative tools, services and guidance to help you mitigate your risk of fraud.
Your online and mobile environments – including systems like online banking and hardware such as smartphones, computers and servers – both protect and expose your business’s assets and information. For example, while digital transactions can greatly reduce your fraud risk, they simultaneously expose your systems to the latest threats from malware, spyware, viruses, bots and browser hijack. Ever more sophisticated hackers are forcing businesses to adapt. Silicon Valley Bank offers online and mobile protections to help minimise your risk.
Online protection without the premium Silicon Valley Bank has partnered with IBM®, a leading expert in financial security, to offer
IBM Security Trusteer Rapport® online fraud protection software.
Trusteer Rapport works alongside your existing firewall and antivirus solutions to help protect your financial information by creating a secure transmission channel between your keyboard and SVB Online Banking. Take control of your business’s online security by downloading the free software today.
Out-of-band authentication Authenticate, Silicon Valley Bank’s out-of-band authentication service, helps reduce the risk of online banking fraud by requiring users to verify their identity via text message or a phone call at login when high-risk activities are being performed. Out-of-band authentication is an industry best practice because it provides a second layer of authentication in the event fraudsters gain access to your online credentials. Use Authenticate in conjunction with other fraud prevention tools such as Trusteer Rapport and recommended best practices.
All users should have separate user names and passwords. These should never be shared.
Use strong passwords that that have a combination of uppercase and lowercase, numbers and symbols and use different passwords for different applications.
Change passwords on a regular basis. Never reuse the same password.
Avoid passwords using easily-discoverable information such as date of birth, family, relative or pet names; be cautious when selecting security challenge questions.
Do not write down usernames and passwords.
All PCs should be locked when they are not in use.
A password should be required after a period of inactivity.
General website use
Always log out when you finish with an application and close down the browser.
Shoulder surfing: be conscious of anyone watching you key in your password.
Social networking: to avoid ID theft, do not disclose confidential personal data, e.g. date of birth and restrict the privacy settings so they are not on public view.
Beware of WiFi hotspots which are generally unsecure. When using a hotspot be aware that others may be able to see what you are doing. Consider using a VPN connection which will ensure that your activity is encrypted.
Do not click inside pop-up windows unless they are from a trusted website; they may contain links to malware sites.
Phishing: be aware of suspicious emails from unknown email addresses; never disclose personal information; an email that offers something that appears too good to be true probably is.
Delete emails from unknown email addresses and never click on any links or attachments within these emails.
Fraudsters pose as trusted employees or suppliers to trigger quick responses in order to steal funds. Preventing imposter fraud requires establishing and enforcing clear business practices in initiating and approving payments.
Additional online best practices
Establish dual administration and designate at least three administrators.
Review online banking activity and entitlement reports regularly.
Prohibit ID sharing, even for view-only.
Mobile device best practices
Download mobile apps from reputable sources.
Use mobile alerts to stay on top of business activity.
Employ two-factor authentication using push notifications.
Use strong passwords and change them frequently.
PC / Laptop Security
It is vital to ensure that you protect your personal computer or laptop from viruses and malware that can be inadvertently downloaded whilst online. There are a number of ways that you can do this.
Make certain you have enabled the firewall on your operating system, e.g. Microsoft Windows, Chrome, MAC, etc.
Ensure that you have up to date anti-virus software running.
Utilise the added security features available within your online banking, such as email alerts, keyboard login or the virtual slider.
Always choose the option to have daily automatic updates on your operating system, antivirus software and browser. This will ensure you always have the latest version.
Regularly scan your PC/laptop using anti-virus software to ensure there are no malicious programs running.
is a free to download anti-virus software which alongside your operating system firewall and anti-virus solutions provides added protection when online.
Call-to-Verify is an additional control for SVB Online Banking users; it is an authentication tool which triggers a phone call to a nominated number to confirm when a high risk transaction is requested through your online banking.
Restrict downloading of non-essential software and disable the ability to plug in third party hardware such as memory sticks or external hard drives.
STRUCTURE ACCOUNTS TO MINIMISE RISK
Segregate and reconcile accounts to help safeguard your business Protect your business assets by strategically structuring your business banking accounts to minimise the risk of fraud and theft. Preventative measures and ongoing monitoring of account activity allow you to identify fraudulent activity before it’s too late. Our experienced team can help minimise your risk of fraud by working with you to establish sound practices including account segregation and daily account monitoring.
Segregate accounts to reduce fraud A treasury best practice to minimise fraud is segregating payment and transaction activities across multiple accounts. By designating separate bank accounts for payments to vendors and receipts from customers, for example, you avoid disruption to your revenue stream in the event your payments account is compromised. Segregation also helps limit accounts to discrete business functions, allowing you to limit the number of employees with access to any one account, and making suspicious transactions easier to identify.
Some best practices for account segregation include:
Segregate accounts by account type (payables and receivables).
Segregate accounts by payment method (ACH, wire).
Segregate accounts by purpose or function (payroll, operations).
Set appropriate permissions or entitlements on accounts.
Reconcile accounts to maximise oversight Account review and formal reconciliation can help streamline operations and reduce your exposure to errors. Best practice recommends that you monitor and review accounts daily through either a manual process or an automated solution. At a minimum, monthly reconciliations are recommended to limit irregularities and ensure accounts are kept current.
The following are additional account best practices:
Move excess cash from operating accounts to investment accounts, minimising the amount of cash subject to payments fraud.
Enable alerts of outgoing account transactions.
OPTIMISE BUSINESS OPERATIONS
Tips for lowering risk of internal fraud Internal processes and controls form the backbone of a secure organisation, and establishing them early can ensure your business accelerates and grows with as little friction as possible. Building and communicating companywide policies and best practices can lower your risk of internal fraud, stolen funds or intellectual property, and loss of data from compromised systems.
Segregation of duties When you involve several people in the lifespan of a single transaction, from initiation to settlement and reporting, you minimise your risk of fraud or human error. Basically, you ensure that no single person is in a position to both commit and conceal fraud or errors. Even a small business should assign different individuals to perform the front- and back-office processes for a given transaction.
Some best practices for segregation of duties include:
Formalise internal processes to ensure appropriate checks and balances.
Separate roles for initiation and approval of payments.
Separate accounting team.
Set up discrete account and security access.
Accounts payable controls To minimise fraud, we recommend setting up strong employee controls and vendor master file access policies in accounts payable. Ensuring your employees follow established practices minimises the risk that your business loses funds in imposter or accounts payable fraud events.
The following are additional accounts payable best practices:
Employ out-of-band authentication to secure account access and payments approvals
Limit who can add new vendors or edit the master vendor file.
Segregate duties so one person isn’t handling billing and payment processing.
Obtain documentary evidence from potential new employees; name, address, right to work and photographic identification.
Obtain and validate references.
Check fraud prevention and credit reference agencies.
Consider enhanced pre-employment screening checks; particularly for higher risk roles.
Internal fraud indicators
A reluctance to take sustained periods of annual leave by an employee.
Changes in behaviour or lifestyle.
Indications of financial difficulty.
Client concerns regarding missing paperwork or transactions.
Promote a culture of fraud awareness and adopt a zero tolerance policy towards employee fraud.
Best practices for reducing payment fraud risk Commercial charge and debit cards: Take advantage of a variety of card payment options with enhanced controls and reporting tools for procurement, travel and entertainment (T&E), and even accounts payable.
Virtual card numbers (VCN): Expand your use of cards without fear of overexposing your card number. Assign unique, virtual card numbers to individual transactions via a web application or specialised client program to reduce fraud.
Debit and charge cards are now an irreplaceable part of our daily lives. Unfortunately they are also one of the easiest targets for a fraudster to extract money from your business. Here are some simple tips to help prevent your card details getting in to the wrong hands.
Only transact on websites with 'https' in the address bar; the 's' means the webpage is secure.
Only enter your card details on a webpage if you see a padlock symbol at the bottom of your browser. This is another indication that the site is secure.
Register your card with Mastercard SecureCode or Verified-by-Visa. These enhance the online security of your card by requesting digits from a pass code to protect against unauthorised internet transactions at participating online retailers.
Always hide your PIN and beware of people looking over your shoulder when using an cash point.
Try to use cash points in well-lit public areas and if possible covered by CCTV.
Do not use any cash points that appear to have been tampered with or damaged, e.g. signs of sticky residue over the key pad.
Never write down your PIN.
Never disclose your PIN to anyone.
Regularly reconcile statements for cards in order to make sure there are no unauthorised transactions.
Ensure you have assigned credit or transaction limits for dedicated card holders within your business.
Cancel any cards for any employees no longer with the business.
Review the requirement for employees to have cards if they do not use them.
Never let your card out of your sight when making a payment.
Domestic and international wires: Send real-time, immediate and irrevocable funds within the UK or internationally for payments to key suppliers and strategic business partners.
Establish internal controls, including secondary employee review and dual approval controls.
Confirm payment instructions over the phone for nonstandard beneficiaries or high-value payments.
Establish alerts to stay on top of account activities.
Wireless Network Wireless networks are convenient, but vulnerable if not implemented properly. The best way to protect your wireless network is to understand how it works and to be familiar with the security features of your router.
Secure your wireless network using the built-in encryption on the router.
Change the default administrator password and default network name, called the SSID, on your wireless router. Default passwords and network names for most Internet devices are easily available on the Internet. This makes them easy targets for intruders.
If you do not need your wireless network at all times, turn it off when not in use. No one can access your network when it is off.
Keep us updated Tell us immediately when any business details change, i.e. name, address or telephone number. Inform us if you are going to make a large or out of the ordinary transaction to ensure it is not blocked by our fraud prevention system.
Be alert As long as you are aware of the risks you can protect yourself and your business. Stay up to date; the fraud awareness section of the Silicon Valley Bank website is a good source of information.
Act quickly If you think you have been the victim of fraud you should act quickly to minimise the losses. Inform the fraud department of Silicon Valley Bank immediately.
How To Report Fraud If you see a transaction you do not recognise contact us immediately on our fraud reporting number 0800 023 1441 or on +44 (0)20 7367 7881 if calling from outside the UK (24 hours a day).