
Helping You Safeguard Your Business

At Monson Savings Bank, we understand that businesses face unique and evolving security challenges. Our Business Security Center is dedicated to helping you protect your assets, sensitive data, and customer trust. These curated resources focus on understanding and recognizing threats, cybersecurity best practices, and fraud prevention strategies. Whether you're a small business or a growing enterprise, explore our resources to stay ahead of threats and build a resilient, secure operation.


Fraud mitigation is essential for protecting your business’s financial health and reputation. From phishing scams to account takeovers, today’s threats are more sophisticated than ever. That’s why it’s critical to implement strong internal controls, educate employees, and monitor financial activity closely.

At Monson Savings Bank, we understand the challenges businesses face and offer a range of helpful services—including secure digital banking tools, fraud detection alerts, and personalized support—to help you stay one step ahead. With the right partner, your business can operate with confidence and security.

Fraud Mitigation Tools through Monson Savings Bank:


As digital banking becomes the norm for businesses, so do the risks. Cybercriminals are constantly evolving their tactics, and even a single vulnerability can lead to financial loss, data breaches, or reputational damage.

At Monson Savings Bank, we’re committed to helping businesses stay secure. Here are six major threats to watch for—and how to protect your business from them.

Viruses and Malware

What it is:
Malware is malicious software designed to infiltrate your systems, steal data, or disrupt operations. It can be delivered through email attachments, downloads, or infected websites.

How to protect your business:

  • Install and regularly update antivirus software
  • Avoid downloading files from unknown sources
  • Keep operating systems and applications up to date
  • Use firewalls and endpoint protection tools

Tip: Schedule regular scans and educate employees on safe browsing habits.


Insider Threats

What it is:
Insider threats come from employees, contractors, or partners who misuse their access—intentionally or accidentally—to compromise your systems or data.

How to protect your business:

  • Limit access to sensitive information based on roles
  • Monitor user activity and set up alerts for unusual behavior
  • Conduct background checks and exit interviews
  • Foster a culture of accountability and ethics

Trust is important—but so are controls.


Ransomware

What it is:
Ransomware locks your files or systems and demands payment to restore access. It can cripple operations and lead to data loss or extortion.

How to protect your business:

  • Back up data regularly and store it offline or in the cloud
  • Train employees to avoid suspicious links and attachments
  • Patch software vulnerabilities promptly
  • Use advanced threat detection tools

Never pay the ransom—report the attack and work with cybersecurity professionals.


Phishing Attacks

What it is:
Phishing emails trick recipients into clicking malicious links or sharing sensitive information, often by impersonating trusted sources.

How to protect your business:

  • Train employees to recognize phishing attempts
  • Use email filtering and anti-phishing tools
  • Verify requests for sensitive information through a second channel
  • Encourage reporting of suspicious messages

If it feels off, it probably is. Always double-check.


Account Takeover

What it is:
Cybercriminals gain unauthorized access to your business’s bank accounts, often through stolen credentials or malware.

How to protect your business:

  • Use multi-factor authentication (MFA) for all banking access
  • Monitor accounts daily and set up transaction alerts
  • Use dedicated devices for banking
  • Work with your bank to implement fraud detection tools

Early detection is key—review your accounts regularly.


Email Imposter Scams

What it is:
Also known as business email compromise (BEC), these scams involve fraudsters impersonating executives or vendors to trick employees into transferring funds or sharing confidential data.

How to protect your business:

  • Verify all payment requests, especially those involving changes to account details
  • Train staff to spot spoofed email addresses and urgent language
  • Use dual approval processes for financial transactions
  • Implement domain-based email authentication (SPF, DKIM, DMARC)

Trust, but verify—especially when money is involved.


By understanding these threats and taking proactive steps, your business can stay secure and confident in the digital space.

At Monson Savings Bank, we’re here to help you protect what matters most. If you have questions about digital banking security or want to explore our fraud prevention tools, contact your business banking representative today.

 

Resources

Internet Crime Complaint Center: www.ic3.gov
Consumer Fraud (Department of Justice Homepage): www.usdoj.gov
Federal Trade Commission (FTC) Consumer Response Center: www.ftc.gov
Consumer Guides and Protection: www.usa.gov
Online Privacy and Security: consumer.ftc.gov/identity-theft-and-online-security/online-privacy-and-security
U.S. Computer Emergency Readiness Team (US-CERT): www.us-cert.gov/ncas/tips

FFIEC Business Account Guidance, Risk Assessment, and Layered Security

New financial standards will help banks and business account holders make online banking safer and more secure against account hijacking and unauthorized funds transfers.

Banks and businesses team up for security

As someone responsible for a business bank account, you will want to know that new supervisory guidance from the Federal Financial Institutions Examination Council (FFIEC) is helping banks strengthen their vigilance and ensure that your business accounts are properly secured during money transfers of all kinds. FFIEC is the coordinating group that sets standards for the major financial industry regulators and examiners.

Understanding the risks

FFIEC studies have shown that there have been significant changes in the threat landscape in recent years. Fraudsters—many from organized criminal groups—have continued to deploy more sophisticated methods to compromise authentication mechanisms and gain unauthorized access to customers’ online accounts. For example, hacking tools have been developed and automated into downloadable kits, increasing their availability to less experienced fraudsters.

As a result, online account takeovers and unauthorized funds transfers have risen substantially each year since 2005, particularly with respect to commercial accounts, representing losses of hundreds of millions of dollars.

Enhanced controls protect higher risks

The FFIEC supervisory guidance addresses the fact that not every online transaction poses the same level of risk, recommending that financial institutions implement more robust controls as the risk level of the transaction increases.

Online business transactions generally involve ACH file origination and frequent interbank wire transfers. Since the frequency and dollar amounts of these transactions are generally higher than consumer transactions, they pose a comparatively increased level of risk to the institution and its customer, according to FFIEC. Thus banks are advised to implement security plans utilizing controls consistent with the increased level of risk for covered business transactions.

These enhanced controls are designed to exceed the controls applicable to routine customer users. For example, a preventive control could include requiring an additional authentication routine prior to final implementation of the access or application changes. A detective control might include a transaction verification notice immediately following implementation of the submitted access or application changes. Based upon the incidents the Agencies have reviewed, enhanced controls over administrative access and functions can effectively reduce money transfer fraud.

Layered security for increased safety

Your bank uses both single and multi-factor authentication, as well as additional “layered security” measures when appropriate.

Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. This allows your bank to authenticate customers and respond to suspicious activity related to initial login…and then later to reconfirm this authentication when further transactions involve the transfer of funds.

For business accounts, layered security might often include enhanced controls for system administrators who are granted privileges to set up or change system configurations, such as setting access privileges and application configurations and/or limitations.

Summary of recommendations for business accounts

  • Banks to urge business account holders to conduct periodic assessment of their internal controls
  • Use layered security for system administrators
  • Initiate enhanced controls for high-dollar transactions
  • Provide increased levels of security as transaction risks increase
  • Offer customers multi-factor authentication

Internal assessments at your bank

The new supervisory guidance offers ways your bank can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the level of risk in that application. Accordingly, your bank has concluded a comprehensive risk assessment of its current methods as recommended in the FFIEC guidelines. These risk assessments consider, for example:

  • Changes in the internal and external threat environment
  • Changes in the customer base adopting electronic banking
  • Changes in the customer functionality offered through electronic banking; and
  • Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.

Your bank joins FFIEC and the financial regulatory agencies in strongly urging business account holders to conduct similar internal assessments to ensure the highest level of security possible for your transactions.

Examples of layered security for business accounts

Whenever increased risk to your transaction security might warrant it, your bank will have available additional verification procedures, or layers of control, such as:

  • Fraud detection and monitoring systems that include consideration of customer history and behavior;
  • Dual customer authorization through different access devices;
  • Out-of-band verification for transactions;
  • “Positive pay,” debit blocks, and other techniques to appropriately limit the transactional use of the account;
  • Transaction value thresholds, number of transactions allowed per day, and allowable payment windows (e.g., days and times);
  • Internet protocol (IP) reputation-based tools to block connection to banking servers from IP addresses known or suspected to be associated with fraudulent activities;
  • Policies and practices for addressing customer devices identified as potentially compromised and customers who may be facilitating fraud;
  • Account maintenance controls over activities performed by customers either online or through customer service channels.

Your protections under “Reg E”

Banks follow specific rules for electronic transactions issued by the Federal Reserve Board known as Regulation E. Under the protections provided under Reg E, consumers can recover internet banking losses according to how soon they are reported. In general, these protections are extended to consumers and consumer accounts.

Fraud Moves Fast—You Should Too

Protect yourself by immediately reporting any suspicious activity. If you believe your bank account may be compromised or you have experienced any security-related events, you can contact us at 413-267-4646.

Report identity theft to the FTC

If you suspect that your identity has been used fraudulently, we urge you to visit the Federal Trade Commission's website to report identity theft.

Federal Trade Commission (FTC) Toll-free Hotline:
1-877-ID-THEFT (438-4338)
www.IdentityTheft.gov

You can also obtain detailed advice on proactive steps you should consider taking to protect yourself, including:

  • How to obtain an annual free copy of your credit reports
  • How to place free, one-year fraud alerts on your credit file
  • How to place extended fraud alerts and security freezes on your credit file

Place a Fraud Alert on Your Credit Report

If you believe you’ve been a victim of identity theft or fraud, placing a fraud alert on your credit report is a smart first step. A fraud alert warns creditors to take extra steps to verify your identity before opening new accounts.

You only need to contact one of the three major consumer reporting companies — they are required to notify the others.

Contact Information:

Equifax 1-800-525-6285 www.equifax.com
Experian 1-888-397-3742 www.experian.com
TransUnion 1-800-680-7289 www.transunion.com

File Complaints

File a report with your local police or law enforcement agency. Have a copy of your FTC complaint form available. Obtain a copy of the police report and case number for future reference.



This content is for informational purposes only and does not constitute legal, financial, or cybersecurity advice. Businesses should consult with qualified professionals for guidance specific to their operations and risk profile. Monson Savings Bank is not responsible for any losses resulting from the use of this information.