African woman using mobile phone
Helping you manage your cash flow
The successful management of your cash flow is an essential task in the life of a small business owner. Your Americana Community Bank Cash Management team gives you the power to manage your ACH, wire, payroll, and other important financial matters, allowing you the opportunity to maintain control.
Your ACB Cash Management specialist is there to help you, by phone, email, or in person – at your office. We’ll provide you with the materials necessary to get you set up, or help you step-by-step, your choice!
Call your ACB banker today to learn more about Americana Community Bank Cash Management service, including Deposit Advantage, our remote deposit capture system. Make your deposits without leaving the office!
This document summarizes information included in a piece released by the US Secret Service, the U.S. FBI, The Internet Crime Complaint Center (IC3), and the Financial Services Information Sharing and Analysis Center (FS-ISAC), entitled, “Fraud Advisory for Business: Corporate Account Take Over (CATO)”. Information contained here is intended to provide basic information about the increasing threat of CATO and to help you establish security processes of your own. However, these attacks – these threats – are continuously evolving and you must stay up-to-date to enforce your security posture.
Cybercriminals are targeting the financial accounts of owners and employees of small- and medium-sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts. Often these funds cannot be recovered.*
To obtain access to financial accounts, cybercriminals target employees – often senior executives or accounting and HR personnel, although any employee can be vulnerable- and business partners, including contractors, accountants, and other third parties, and cause the targeted individual to spread malicious software (or “malware”) which in turn steals their personal information and login credentials. Once the account is compromised, the cybercriminal is able to electronically steal money from business accounts.
Cybercriminals also use various attack methods to:
In addition to targeting account information, cybercriminals also seek to gain customer lists and/or proprietary information – often through the spread of malware – that can cause indirect losses and reputational damage to a business.
First identified in 2006, this fraud, known as “corporate account take over,” once attacked mostly large corporations, but cybercriminals have now begun to target municipalities, smaller businesses, and non-profit organizations. Thousands of businesses, small and large, have reportedly fallen victim to this type of fraud. Educating** all stakeholders (financial institutions, businesses, and consumers) on how to identify and protect themselves against this activity is the first step to combating cybercriminal activity.
How It’s Done
Cybercriminals trick victims into divulging personal or account information by:
Methods used to trick you into opening an attachment or clicking on a link include:
The criminal’s goal is to get you to open the infected attachment or click on the link so hidden malware (software designed to harm) can be downloaded to your computer. This malware allows the fraudster to “see” and track your activities across the business’ internal network and on the Internet. The tracking may include visits to your financial institution and use of your online banking credentials (used to access account information, login information, and passwords). Using this information, the fraudster can conduct unauthorized transactions that appear to be legitimate transactions conducted by you or your employee.
How to Protect, Detect, and Respond
1. Educate everyone on this type of fraud scheme.
2. Enhance the security of your computer and networks to protect against this fraud.***
3. Enhance the security of your corporate banking processes and protocols.
4. Understand your responsibilities and liabilities.
5. Monitor and reconcile accounts at least once each day.
6. Note any changes in the performance of your computer:
7. Pay attention to warnings.
8. Be on the alert for rogue emails.
9. Run regular virus and malware scans of your computer’s hard drive.
10. Discuss the options offered by your financial institution to help detect or prevent out-of-pattern activity (including both routine and red flag reporting for transaction activity).
11. If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.
12. Make sure your employees know how and to whom to report suspicious activity within your company and at your financial institution.
13. Immediately contact your financial institution so that the following actions may be taken:
14. Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident to the various agencies, financial institutions, and firms impacted.
15. File a police report.
16. Have a contingency plan to recover systems suspected of compromise.
17. Consider whether other company or personal data may have been compromised.
18. Report exposures to PCI DSS, if appropriate.
*Consumer accounts are subject to Federal Reserve Regulations E (12C.F.R. Part 205) which requires banks to provide reimbursement for certain losses. Regulation E does not apply to business accounts. Therefore, banks are not required to provide reimbursement for certain losses.
**This advisory was created through a collaborative cross-industry effort to develop and distribute recommended practices to prevent, detect, and respond to corporate and consumer account takeovers. Led by the Financial Services Information Sharing and Analysis Center (FS-ISAC), contributors include more than 30 of the largest financial institutions in the U.S., industry associations including the American Bankers Association (ABA), NACHA – The Electronic Payments Association, BITS/The Financial Services Roundtable, and federal regulatory and law enforcement agencies. This advisory is an update to recommendations previously released in August 2009 by the FS-ISAC, FBI, and NACHA, and the NACHA (Operations Bulletin) in December 2009.
*** See the “Resources” section of this document for links to helpful and detailed tips on how to enhance your information technology (IT) security.
The ACH Network holds the key to the future. It uses technology to move money; enhancing lives and sustaining companies. The steps below will take you to the Nacha Operating Rules and Guidelines, which are the framework of ACH payments. Not only will your company better attain its financial goals with this knowledge, but abiding by them will protect your company and its payees.
Included in the Rules are the obligations of companies using ACH. You will also find, on the site, details about Rule enforcement, annual audit requirements, a table of Return Reason codes, and formatting specifications.
The instructions below give you access to the Basic Version of the Nacha Operating Rules and Guidelines, which is in pdf form. You are not able to print this pdf. You will be given the option upon logging in to upgrade to a premium version, which gives you more options for accessing the rules.
Here are the steps to accessing the rules for processing ACH:
The Federal Reserve System (often referred to as “The Fed”) is closed on the following 2021 dates, therefore some Cash Management services will be affected.
ACH files will not be processed. Deposit Advantage deposits made on these days will post on the following business day. Other services may also be affected.
Please contact your ACB Cash Management specialist at eBizHelp@AmericanaFinancial.com for answers to your Cash Management questions.
January 1, 2021
New Years' Day
January 18, 2021
Martin Luther King Jr. Day
February 15, 2021
May 31, 2021
July 5, 2021
Independence Day Observed
September 6, 2021
October 11, 2021
November 11, 2021
November 25, 2021