Protect Your Business from Wire Transfer & ACH Transaction Fraud
First Horizon has identified an increasing trend involving fraudulent wire transfer and ACH requests initiated by corporate customers. The following are some important steps you can take to reduce fraud risk related to wire transfers and ACH transactions.
- Utilize call-back verification procedures for any email or faxed wire transfer request, particularly if the instructions have changed.
- Changes in an ACH funding request should be verified the same way using call-back verification. Be especially vigilant in initiating ACH funding changes based on email or faxed instructions.
- Never use contact information provided in an email or fax to conduct the call-back verification – always use the phone number listed on the account profile or your business records.
- Regardless of the relationship with the customer or business, always verify each email or fax request.
- Even if multiple requests are received from the same party in a short period of time, each request requires separate verification.
- When conducting call-back verification, speak with the requestor to ensure proper verification. Leaving a voicemail is not considered a proper verification method.
- Be aware of suspicious activity and red flags as it relates to wire transfer and ACH transaction fraud to minimize fraud risk.
If you confirm any suspicious or fraudulent transactions that involve your FTB account, (particularly wire transfers or ACH transactions), immediately escalate the situation by calling First Horizon’s Customer Service at 800-382-5465. There is a limited recovery window for these transactions and immediate escalation may prevent further loss.
How we protect you
The First Horizon Family of Companies (First Tennessee, FTB Advisors, and First Horizon) consider the security of your financial information a top priority. We employ extensive security measures to ensure a safe and reliable online experience for all of our customers.
Password Protection – to gain access to an account or account information, a user must verify his or her identity with a password.
Firewall Protection – all systems are protected with firewalls that limit access to only those services that we needed. In addition, all activity passing through the firewall is documented.
128-Bit Key SSL Encryption – before data is exchanged between the customer and the bank, it is encoded or scrambled with 128-bit key SSL encryption. Secure Socket Layer, or SSL, locks the data so that regardless of the path the data takes as it passes across the internet, it only can be opened by the end user with the proper key or 128-character-long combination to the lock on the data. Upon arriving at the computer that requested the information, the packets are reassembled into the original message.
Fraud Detection – we use cutting-edge technology and trained employees to aid in fraud detection. Additionally, we participate in industry consortiums made up of some of the largest financial institutions in the United States, which allows us to address emerging issues in Internet and email fraud.
Email Alerts – email alerts will let you know when your log-in information has been changed. In the event that you did not initiate that change, we ask that you contact us immediately so we can take the necessary steps to block unauthorized users from your account.Additionally, we request that customers enter at least one mobile phone number or email address (two are suggested) upon setting up a Banking Online account. These email addresses and/or mobile phone numbers can be used to send verification emails or texts anytime you initiate a change to your contact information or select to add a custom Payee in Bill Pay Online.
Privacy Notice – a copy of our privacy notice can be found here
Federal Laws and Regulations – Federal laws and regulations protect you from fraudulent credit and debit card usage as well as from unauthorized online banking activity.
Safeguarding your smartphone
With the increasing popularity of smartphones, more and more people are using apps to conduct personal business online – business that often requires the use of sensitive information such as bank account numbers, credit card data, or passwords. While your smartphone can make life simpler, you should also be aware of potential threats to the security of your smartphone and the precautions you can take to keep it secure.There are three areas where smartphone users can potentially fall victim to fraudulent activity. Keep these in mind as you use your smartphone as well as the related tips for preventing fraud.
Lost phones – if you've owned a smartphone for any length of time, chances are you've probably misplaced it, at least temporarily. The danger here is that, if you've made purchases on your phone or, perhaps, conducted banking activities with it, someone who finds or steals your phone may be able to extract sensitive personal information from it.
- Set PINs and passwords on your phone’s home screen to prevent unauthorized access to your phone. Configure it to automatically lock after 5 minutes or less of being idle.
- Wherever possible, use different passwords for each of your important log-ins.
- Don’t modify your smartphone’s security settings, as it can undermine valuable built-in security features.
- Keep your smartphone’s operating software up-to-date by enabling automatic updates from your service provider. You may also want to install trustworthy security apps that allow you to remotely locate and erase all of the data stored on your phone.
- Always report a stolen phone. Wireless providers in conjunction with the Federal Communication Commission (FCC) have established a stolen phone database that will help your provider prevent your phone from being activated without your permission.
App downloads – hackers often use apps to entice smartphone users into downloading malware that can steal information or cause damage to your phone.
- Only install apps from trusted sources. If you have doubts, you can check user reviews, confirm the legitimacy of the app store, and compare it to the app sponsor’s official website.
- You may also want to install security apps that allow you to remotely locate and erase all of the data stored on your phone.
Surfing on open Wi-Fi networks – cybercriminals often use unprotected Wi-Fi hotspots to target people online.
- Avoid public hotspots and instead use protected Wi-Fi from sources you trust or your own mobile wireless connection.
- Ignore pop-ups or prompts to download software. They are often a hacker’s attempt to infect your phone with malware or spyware.
- If you don’t get automatic updates, manually update your smartphone’s security software before you travel. Wi-Fi in airports and hotels can be potentially troublesome if your smartphone is not fully protected with the latest security updates.
Multi-Layered Mobile Banking Security– when you use Mobile Banking, you can be certain that your personal information is protected. Our security measures are delivered in a multi-layered platform that offers you security at each level of your Mobile Banking experience.
At enrollment – you will provide credentials upon first use, and your identity is then verified by answering challenge questions generated by an existing authentication system. Once verified, you can use the device to immediately access mobile banking functionality.
Logging in – initiating a secure session requires two factors of authentication: 1) Your confidential passcode; 2) Confirmation of the correct end user device. Without both, authentication will not occur and log-in is prevented. Our process requires that our Mobile Banking users must have previously proven to the bank that the device being authenticated is in the user’s possession and is authorized for access.
Confirming transactions – our systems periodically present mobile users with step-up challenge questions in response to transfer, payment, and check deposit transactions deemed high risk or suspicious. This safeguard provides you with an extra level of security before a transaction is approved.
Other ways you can protect your information
Here are some steps that you can take to ensure your identity and information are as safe as possible.
- Monitor your accounts frequently. Review your accounts and monthly statements to ensure that all information is correct. Additionally, review your credit report annually. Immediately report any discrepancies.
- Verify the contact. Do not provide confidential information via email, text message, or phone call unless you initiated contact. When responding to requests, use a telephone number or web site address you know to be legitimate.
- Beware of "free" offers. Beware of unsolicited requests for cash or account information in exchange for a prize or gift. Remember, if it sounds too good to be true, it probably is.
- Travel light. Only carry what is necessary in your wallet or purse. Photocopy the front and back of your driver's license, passport, and credit cards and store in a secure place in case they are lost or stolen.
- Protect documents. Keep sensitive documents in a safe place, shred all personal and financial information before discarding, and don’t discard receipts at ATMs and gas pumps.
- Practice password safety. Create a strong password for each online service (10 characters, including mixed case letters, numbers, special characters). Change them frequently and store in a secure place.
- Protect yourself online. Verify use of a secure session (https:// not http://) in the browser when banking online and when making online purchases. Also, look for a lock icon in the browser, which indicates a secure website.
- Beware of shoulder surfers. Be aware of your surroundings when entering your Personal Identification Number (PIN) or any other sensitive information at a point-of-sale terminal, an ATM, or in your computer, phone, etc.
- Delete emails from senders you don't recognize. If you get an email that you think is from a person or company you recognize, use caution when clicking on embedded links. If you are suspicious, type the address into your browser instead of clicking the link.
- Report. Notify your bank immediately if you discover that your checks, debit cards, or credit cards have been lost or stolen. Close accounts that you know or believe have been tampered with.
The First Horizon Family of Companies is committed to providing your company with the latest in secure technology for conducting your business or corporate banking. However, there are some important steps you can take to ensure your own internal security.
- Conduct reconciliation of all banking transactions on a daily basis.
- Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
- Familiarize yourself with our account agreement and with your liability for fraud under the agreement and the Uniform Commercial Code as adopted in the jurisdiction. You can also educate yourself with tips on combating fraud in your business.
- Stay in touch with other businesses to share information regarding suspected fraud activity.
- Immediately escalate any suspicious transactions, particularly ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent further loss.
- Employ best practices to secure computer systems including:
- If possible, for businesses that transact high value or large numbers of online transactions, it is recommended that all commercial online banking activities be carried out from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
- Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on Web links in suspicious emails could expose your system to malicious code that could hijack your computer.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
- Create a strong password with at least 10 characters that includes a combination of mixed case letters, numbers and special characters.
- Prohibit the use of "shared" usernames and passwords for online banking systems.
- Use a different password for each Web site that is accessed.
- Change the password a few times each year.
- Never share username and password information for online services with third-party providers.
- Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
- Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Ensure virus protection and security software are updated regularly.
- Make certain computers are patched regularly, particularly operating systems and key applications with security patches. It may be possible to sign up for automatic updates for the operating system and many applications.
- Consider installing spyware detection programs.
- Clear the browser cache before starting an online banking session in order to eliminate copies of Web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser's preferences menu.
- Verify use of a secure session (https not http) in the browser for all online banking.
- Avoid using automatic log-in features that save usernames and passwords for online banking.
- Never leave a computer unattended while using any online banking or investing service.
- Never access bank, brokerage or other financial services information at internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving you vulnerable to possible fraud.
How we protect you online
The First Horizon Family of Companies uses a strong authentication process to protect your sensitive information online. Using an authentication method the user knows (user ID and password) and one the user holds (token) for high-risk transactions, ensures that the right user is accessing our products and systems online.
As we upgrade our online banking platform, we will be deploying more sophisticated security solutions that will detect unusual user behavior and prompt the user for more information before granting access. Unusual behavior includes:
- Accessing the system in timeframes the user typically does not access the system
- Accessing the system from different geographical regions
- Accessing the system from different computers
Our external facing applications are protected from malicious attacks against our servers by firewalls and intrusion detection systems. These solutions not only protect our applications from hackers but also detect any intrusion or hack attempts and alert us.