Presidio Bank

Business eBanking Best Practices

We have provided the following Best Practices to assist you in mitigating the risk of loss due to your computers being hacked. We strongly encourage you to follow all of these practices.


General e-Banking Best Practices

 
  • Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose the system to malicious code that could hijack your computer.
  • Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
  • Prohibit the use of “shared” usernames and passwords for online banking systems.
  • Use a different password for each website that is accessed.
  • Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses.
  • Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Ensure virus protection and security software are updated regularly.
  • Ensure computers are patched regularly with security patches, particularly operating systems and key applications. It may be possible to sign up for automatic updates for the operating system and many applications.
  • We recommend you install an industry standard spyware detection program.
  • We recommend clearing the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser's preferences menu.
  • We recommend you verify use of a secure session (https not http) in the browser for all online banking.
  • Avoid using an automatic login feature that saves usernames and passwords for online banking.
  • We recommend that your users sign off, shut down, and disconnect when their computer is not in use.
  • Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information, leaving the customer vulnerable to possible fraud.
  • You should familiarize yourself with the bank’s account/services agreement(s) relative to the liability for fraud under the agreement(s) and the Uniform Commercial Code of the State of California.
  • Make sure you and your staff are aware of potential threats, i.e. phishing attacks.
  • Do not use business machines to surf social sites (e.g. Facebook).
  • Never use passwords that include birthdays, names, pet names or social security numbers.
  • Educate staff regarding these Best Practices so all are aware.
  • Immediately escalate any suspicious transactions to the bank, particularly ACH or wire transfers.
  • Stay in touch with other businesses to share information regarding suspected fraud activity.
 

EBanking Security Settings

 
"Accept Cookies" - To simplify your sign on process, follow the instructions below to accept cookies from Key.

Internet Explorer - First save "Key" as a trusted site
  1. Select Tools from the top of your browser
  2. Select Internet Options
  3. Select Security Tab
  4. Select Trusted Sites icon
  5. Select Sites button, add "accounts.key.com" then select "OK"
Then accept Cookies:
  1. Select Tools from the top of your browser
  2. Select Internet Options
  3. Select Privacy Tab
  4. Select Advanced button
  5. Verify "Override automatic cookie handling" is unchecked, then select "OK"
  6. Select Sites, type in "key.com" in "Address of Web site" field, select Allow, then select "OK"
 
Firefox
  1. Select Tools from the top of your browser
  2. Select Options
  3. Select Privacy Tab
  4. In the Cookies section, check "Accept cookies from sites" and select "Keep until: they expire" from the dropdown
  5. In the Private Data section, uncheck "Always clear my private data when I close FireFox"
  6. Select Exceptions button to specify which websites are always or never allowed to use cookies. In the "Address of web site:" field, type "accounts.key.com" and select Allow
 
User IDs - Must be a unique combination of 9-20 characters and cannot be your Social Security Number or Tax ID Number
 
Passwords - Must be at least 8 characters, include at least 1 number and 1 letter, and be different from your User ID. Passwords are case-sensitive.
 
Security Questions - Used to verify your identity if you forget your User ID or password. They can be changed at any time.
 
Automatic Timeout - Always "Sign Off" after you are done with your Online Banking session. If you do not, Online Banking will automatically sign you out after 20 minutes of inactivity.
 

Transaction & Monitoring Best Practices

 
  • Only allow specialized and trained key staff members to process ACH and Wire transactions.
  • Establish transaction dollar limits for employees that vary by authority levels.
  • Utilize balance level and any other appropriate alerts within Business eBanking.
  • If possible, and in particular for clients that do high value or large numbers of online transactions, we recommend you carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
  • Business owners / managers should run Activity Reports daily and scan network access for unidentified IP addresses, after-hours attempted access and other suspicious activity.
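
The daily Activity Report review in the last item can be scripted. The following is an added example, not code from Presidio Bank: the report columns, the office network range and the business hours are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumptions: networks your staff legitimately bank from, and office hours.
KNOWN_NETWORKS = [ip_network("203.0.113.0/28")]   # constructed office range
OPEN, CLOSE = time(8, 0), time(18, 0)             # local time, weekdays only

# Constructed sample export; a real Activity Report has its own layout.
SAMPLE_REPORT = """timestamp,user,source_ip,event
2024-03-04 09:12:44,jlee,203.0.113.5,login_success
2024-03-04 23:47:10,jlee,203.0.113.5,login_success
2024-03-05 10:02:31,mpatel,198.51.100.77,login_failed
2024-03-09 11:15:00,mpatel,203.0.113.9,wire_initiated
"""


def review(report_text):
    """Return (timestamp, user, ip, event, reasons) for rows needing follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        addr = ip_address(row["source_ip"])
        reasons = []
        if not any(addr in net for net in KNOWN_NETWORKS):
            reasons.append("unidentified_ip")
        weekend = ts.weekday() >= 5               # Saturday or Sunday
        if weekend or not (OPEN <= ts.time() < CLOSE):
            reasons.append("after_hours")
        if reasons:
            findings.append((row["timestamp"], row["user"],
                             row["source_ip"], row["event"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_REPORT):
        print(finding)
```
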
 

e-Banking Dual Control Best Practices


Dual User Administration – Administration changes are processed in two steps:
  1. One individual performs the maintenance
  2. A second individual must approve it before the change(s) is effective.
 
Dual Transaction Control – Transactions (especially ACH and wires) are initiated through a two step process for increased security:
  1. One individual initiates a transaction
  2. A second individual must approve the transaction before it is processed.
 

Two-Factor Authentication


To ensure further security for transactions initiated through eBanking, two-factor authentication is encouraged. In two-factor authentication, a change/transaction is approved using two pieces of information:
 
  1. Something you know (Sign on and Password)
  2. Something you have (a token) - now available through Presidio Bank by contacting your Relationship Services Manager
 
We recommend that the individuals assigned as the transaction approvers each have a token. Coupling the use of this token with the dual administration and transaction control recommendations, which prevent the approver from being able to initiate transactions, will prevent a hacker from being able to modify the ACH or wire transaction.
 
The process is fairly simple:
  • The token contains a clock and a unique serial number, coupled with an algorithm to produce a new Token Code every 60 seconds.
  • Each token is registered to an end-user and synchronized with the Business Banking server.
  • Each time the token is used and a code is entered, the system validates the Token Code using the synchronized clock, the serial number and the same algorithm.
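
The three steps above, sketched as an added example that is not the bank's or the token vendor's code. The page does not name the token algorithm, so this stands in the public HMAC construction from RFC 4226/6238 with the page's 60-second step; the serial number, user name and seed are constructed, and the drift tolerance and replay check are assumptions about what a careful server would do.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the page states a new Token Code every 60 seconds

# Constructed registry: token serial -> (registered user, per-token seed).
TOKENS = {"SN-000123": ("approver1", b"12345678901234567890")}


def token_code(seed, unix_time, digits=6):
    """Code for the 60-second window containing unix_time (RFC 4226 truncation)."""
    counter = int(unix_time) // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def validate(serial, user, code, server_time, used, drift_steps=1):
    """Accept a code only for a registered token, within clock drift, and once."""
    entry = TOKENS.get(serial)
    if entry is None or entry[0] != user:
        return False                      # unknown token or not this user's token
    seed = entry[1]
    for k in range(-drift_steps, drift_steps + 1):
        window = int(server_time) // STEP + k
        expected = token_code(seed, window * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            if (serial, window) in used:
                return False              # same code replayed inside its window
            used.add((serial, window))
            return True
    return False


if __name__ == "__main__":
    used = set()
    now = 1_700_000_000
    code = token_code(TOKENS["SN-000123"][1], now)
    print(validate("SN-000123", "approver1", code, now, used))        # first use
    print(validate("SN-000123", "approver1", code, now + 5, used))    # replay
    print(validate("SN-000123", "approver1", code, now + 300, used))  # stale
```
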
 

Positive Pay


The Positive Pay function is part of Business eBanking and allows you to view any checks that were presented for payment to the Bank during yesterday’s business that differ from what you reported to have issued. The items are then reviewed and you are able to authorize the Bank to not pay a particular check that may be fraudulent.

This security feature will detect fraud and in particular prevent another newer fraud practice called Accounts Payable fraud:
  • A fraudster convinces an individual that they work for your company and you want to hire them to send payments to a number of people that have performed work for you. The employee is given checks with your company name, address, and account number and “innocently” performs this service.
  • The next thing you know is that 25 checks are all presented for payment against your account. If you are not paying close attention you may not notice that this has occurred for a couple of months and then it is legally too late to request a recovery for these fraudulent checks from your financial institution.

We recommend that you contact your Relationship Service Manager for this feature and/or implement a daily, first-thing-in-the-morning practice of viewing the transactions that have posted to your account via Business eBanking.
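
The comparison Positive Pay performs, presented checks against the checks you reported as issued, can be illustrated as follows. This is an added example, not the bank's implementation: the record layout, the payee comparison and the duplicate check are assumptions, and all check data is constructed.

```python
from collections import Counter
from decimal import Decimal

# Constructed issue file: check number -> (amount, payee) you reported as issued.
ISSUED = {
    "1001": (Decimal("1250.00"), "Acme Supply"),
    "1002": (Decimal("310.45"), "City Utilities"),
    "1003": (Decimal("89.99"), "Example Office Co"),
}

# Constructed presentment file: items presented for payment the previous day.
PRESENTED = [
    ("1001", Decimal("1250.00"), "Acme Supply"),
    ("1002", Decimal("3100.45"), "City Utilities"),   # amount altered
    ("1003", Decimal("89.99"), "J. Doe"),             # payee altered
    ("7731", Decimal("980.00"), "J. Doe"),            # never issued
    ("1001", Decimal("1250.00"), "Acme Supply"),      # presented a second time
]


def exceptions(issued, presented):
    """Return (check_number, reason) for every item that needs a pay/no-pay decision."""
    seen = Counter()
    out = []
    for number, amount, payee in presented:
        seen[number] += 1
        record = issued.get(number)
        if record is None:
            out.append((number, "not_issued"))
        elif seen[number] > 1:
            out.append((number, "duplicate_presentment"))
        elif amount != record[0]:
            out.append((number, "amount_mismatch"))
        elif payee.casefold() != record[1].casefold():
            out.append((number, "payee_mismatch"))
    return out


if __name__ == "__main__":
    for number, reason in exceptions(ISSUED, PRESENTED):
        print(number, reason)
```
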
 

General Financial Management Best Practices

 
  • All business and not-for-profit organizations should perform periodic account reviews that are independent of the account’s authorized signer(s). Such reviews are needed to reduce the risk of embezzlement and to verify the validity of the actual transactions being processed.
  • Dual control account reconciliation: One person can make deposits and write checks and another reconciles the account.
  • Educate your staff to not give out your account number to anyone unless you initiated the call.
  • Immediately escalate any suspicious transactions to Presidio Bank, particularly ACH transactions or wire transfers.
 

Presidio Bank Data & Network Security Protections


Presidio Bank from its beginning has had a strong commitment to protect our clients’ vital data and in that regard has built a comprehensive system of policies and procedures, including both physical and software controls within the bank and through the service vendors the bank utilizes, to mitigate risk. The Bank has also designed our systems to provide multiple layers of security and protections to provide an even more secure environment. As an eBanking client you are aware that late last year we implemented an enhanced password configuration that exceeded government standards, and most recently the bank launched Multi-Factor Out of Band, which is a leading edge fraud protection service.
 
We have provided the above eBanking and General Financial Management Best Practices to assist you in protecting your company’s confidential and financial information. Please be sure to implement these practices to mitigate your risk of loss. Presidio Bank is not responsible for losses related to security weaknesses within your company.