What is Corporate Account Takeover?

Corporate account takeover is a type of fraud in which thieves gain access to a business's finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Thousands of businesses have fallen victim to this type of fraud, and the losses have ranged from a few thousand to several million dollars.

Consider these tips to ensure your business is well prepared:

  1. Initiate a "dual control" payment process with your employees.
    • ESSA offers cash management services with the ability to establish a two-person process.
  2. Have dedicated workstations.
    • Lock workstations when not in use, even for short periods of time.
    • Do not use public computers - such as those at a public library, a hotel business center or airport computer terminals - to access online banking.
  3. Use robust authentication methods and vendors. In addition to passwords and PINs:
    • Each user should have their own password - do not have several users share the same password.
    • Use 'complex' passwords - ones that contain a combination of numbers, letters and/or symbols.
    • Consider using an additional authentication tool, such as a token or a smart card.
    • Each user should change their password frequently - approximately every 45-60 days.
  4. Update virus protection and security software.
    • Do not respond to emails or open attachments unless you are expecting the communication. Phishing scam emails can come from both unrecognized and recognized sources.
    • You won't ever receive an authentic email asking for your online banking credentials.
    • If something appears unusual or you receive an email requesting your online banking credentials, call your bank. Do not use any information from the email, as it may be a phishing email.
  5. Reconcile accounts daily.
    • Utilize bank account features, such as automated payment filters and other alerts that show unexpected activity on your accounts.