As someone responsible for a small business or commercial bank account, you will want to know that the Federal Financial Institutions Examination Council (FFIEC) helps banks strengthen their vigilance and put controls into place so that your accounts are properly secured during online access. FFIEC is the coordinating group that sets standards for the major financial industry regulators and examiners.
Strong Authentication Standards
Whenever possible, we have implemented the following tactics to keep your information safe:
- Requirements for passwords that meet industry standards (length, types of characters, etc.)
- Multifactor authentication that requires the user to identify themselves using a separate channel, such as entering a code received via text message or phone call
Wherever possible, we have implemented these features into our platforms:
- SSL certificates with the latest encryption standards that enable your device to securely transmit information over the internet
- Security services that run in the background to look for suspicious activity
Enhanced Controls Protect Higher Risks
The FFIEC supervisory guidance addresses the fact that not every online transaction poses the same level of risk, recommending that financial institutions implement more robust controls as the risk level of the transaction increases.
Online business transactions generally involve ACH file origination and frequent interbank wire transfers. Since the frequency and dollar amounts of these transactions are generally higher than consumer transactions, they pose a comparatively increased level of risk to the institution and its customer, according to FFIEC. Thus banks are advised to implement security plans utilizing controls consistent with the increased level of risk for covered business transactions.
These enhanced controls are designed to exceed the controls applicable to routine customer users. For example, a preventive control could include requiring an additional authentication routine prior to final implementation of the access or application changes. A detective control might include a transaction verification notice immediately following implementation of the submitted access or application changes. Based upon the incidents the Agencies have reviewed, enhanced controls over administrative access and functions can effectively reduce money transfer fraud.
Investors Bank recommends that you perform your own regular risk assessment that evaluates who has access to your accounts, their level of access, and internal procedures.
Layers of Control
Whenever increased risk to your transaction security might warrant it, we may employ additional layers of control, such as:
- Fraud detection and monitoring systems that include consideration of customer history and behavior
- Dual customer authorization through different access devices
- Out-of-band verification for transactions
- “Positive pay,” debit blocks, and other techniques to appropriately limit the transactional use of the account
- Transaction value thresholds, number of transactions allowed per day, and allowable payment windows (e.g., days and times)
- Internet protocol (IP) reputation-based tools to block connection to banking servers from IP addresses known or suspected to be associated with fraudulent activities
- Policies and practices for addressing customer devices identified as potentially compromised and customers who may be facilitating fraud
- Account maintenance controls over activities performed by customers either online or through customer service channels.
Your protections under “Reg E”
Banks follow specific rules, known as Regulation E, for electronic transactions issued by the Federal Reserve Board. Under the protections provided under Reg E, consumers can recover online banking losses according to how soon they are reported. In general, these protections are extended to personal consumers and personal consumer accounts only.
Customer Vigilance: The first line of defense
Of course, understanding the risks and knowing how fraudsters might trick you is a critical step in protecting yourself online. You can make your devices safer by installing and regularly updating your:
- Anti-virus software
- Firewalls on your computer
- Operating system patches and updates
You can also take advantage of the following to protect yourself even further:
- Online Banking alerts that can be set up for a variety of transactions
- Verified By Visa, which provides password protection on your Investors Visa debit card
- CardValet, a mobile app that can help reduce debit card fraud by allowing you to monitor accounts with your smartphone
How We May Contact You
An employee of the bank may contact you, without your provocation, in the event we detect suspicious activity on your account. Such a contact could be made via phone call or postal mail. We would not ask you for your online banking password. If this uninitiated contact seems suspicious to you, we encourage you to contact us directly to verify the contact.
If You have Suspicions
If you notice suspicious activity within your account or experience security-related events (such as a phishing email from someone purporting to be from Investors Bank), please contact us immediately and you will be guided to the person responsible for such issues:
101 JFK Parkway
Short Hills, NJ 0778
For more information, see our Additional Resources.