Category Archives: Fraud Protection

Treasury Management – Manage and Protect Your Funds More Effectively

Screen Shot 2016-04-25 at 11.51.43 PM

Moving money and executing transactions is easier than ever, but what is your business doing to make sure your funds aren’t at risk? From the most elaborate cyber attacks to a simple unauthorized alteration on a check, you could be vulnerable to all kinds of fraud.

Financial institutions have processes and procedures in place to help protect against fraud. But the increasing risk and sophistication of cyber crimes in particular, both at home and in the office, makes it especially important for everyone to be vigilant and cautious. That’s why The Biltmore Bank of Arizona continually invests in tools and resources to help detect potentially fraudulent transactions and accounts with a high potential for fraud. We believe it is equally important for our clients to understand the risks and be aware of the steps you can take to help protect your business assets. We want to share a few of the practices we follow and the products we offer to help you minimize your vulnerability.

With so many ways that passwords can be compromised – from inadvertent sharing with others to malware that mines your personal information — protecting the secure access to your online accounts is crucial. Ever heard of a keylogger? It’s malware that captures and records a user’s keystrokes. It can be used by a cyber-criminal to record your passwords and a variety of other information. As a deterrent to these kinds of compromises, Biltmore Bank business clients use a secure access code to access their accounts through online banking, and the associated password expires every 90 days. This precaution helps protect against a possible breach if your password falls into the wrong hands.

Most people know that Internet connections can be vulnerable to compromise. Various layers of protection are available, including firewalls, anti-virus software and network encryption, but cyber criminals are always working to try to break through these barriers. That’s why these programs are continuously updated and why keeping current with each new release is so critical. To provide a secure web channel between our client’s computer and the bank’s online banking site, so that no other user can get in the middle, we offer Trusteer Rapport software to our business clients. This free, downloadable software helps to prevent malware and phishing attacks and provides sustainable fraud protection.

One of the most frequent targets for cyber thieves are ACH payments – payments created when you give an originating party authorization to debit directly from your checking or saving account for the purpose of bill payment. To commit ACH fraud, all a cyber thief needs is your account number and the bank routing number, which can be taken directly from an unsuspecting victim’s check. Our ACH Fraud Protection Services enable business clients to review these transactions before they are complete and to choose to pay or return each item, to guard against fraudulent automatic withdrawals. If you know you won’t be using these electronic payments, we can set up an ACH block so that no ACH payments are allowed. Or, if you only expect ACH withdrawals from a handful of vendors, you can restrict your ACH authorization to just those few vendors.

As an added layer of protection, your online banking profile can also be IP address-restricted, meaning if a request to transfer funds from your Phoenix-based company is issued by an IP address located in New York, the transaction will be rejected. Our Risk Fraud Analytics system reviews all of your company’s transactions for other anomalies as well. You also have the option to set a maximum dollar limit for transactions you may initiate. If that limit is exceeded, the transaction will automatically be rejected. In addition, you’ll be alerted if someone changes a password, user entitlements, dollar limits and more. Business clients can also set up dual control on their wires and ACH transactions. This can reduce employee fraud, but it also makes it more difficult for cyber criminals to complete a fraudulent transfer since two people within the business must sign off on these transactions.

One of the most prevalent types of fraud today is cyber deception, which is usually the result of human error – falling victim to complex scams in which criminals pose as a trusted colleague, business associate or vendor in order to gain access to your financial assets. It is particularly hard to detect. These schemes are typically executed via email, but cyber criminals have become increasingly adept at spoofing phones as well. What you believe to be a legitimate request could result in you unwittingly paying a crook. For more on this topic, please refer to the cyber security article from the FBI we republished on our blog.

Of course, fraud schemes aren’t always so sophisticated. If someone has altered a check you’ve issued, you might never notice – until it is too late. A simple safeguard against this kind of theft is our Positive Pay Service. You provide the bank with what is essentially a digital check register and we match it against the checks presented for payment. If we see any discrepancies, we notify you so that you can review and decide whether or not the check should be paid. All checks presented for payment are verified, including checks presented in person at our banking offices.

Businesses with a high volume of checks arriving through the mail are at risk of crooks intercepting these payments. We offer a layer of protection through our Lock Box Service, which streamlines the remittance process. Payments are sent to a secure post office box where they are collected by the bank several times a day and deposited directly into your Biltmore Bank account. The post office box and speedy collection system help minimize the opportunities for the check to be intercepted after it’s placed in the mail. The service also provides timely payment receipt reporting and provides you access to electronic and paper remittance images online to update your receivables or research customer questions.

To discuss how you can layer additional treasury management protections onto your business accounts, contact your Biltmore Bank of Arizona relationship manager or call our office.



Identity Theft – A Practical Guide from the Federal Trade Commission


Do you know the red flags of identity theft? The Federal Trade Commission↗ has published a very helpful guide to not only help you recognize identity theft, but also protect yourself and your business against it and to take action if it happens to you. You can download a copy of the brochure for free on their website.↗ The following are some highlights from the brochure we’d like to share with our readers.

Red Flags of Identity Theft

  • Mistakes on your bank, credit card or other account statements
  • Mistakes on the explanation of medical benefits from your health plan
  • Your regular bills and account statements don’t arrive on time
  • Bills or collection notices for products or services you never received
  • Calls from debt collectors about debts that don’t belong to you
  • A notice from the IRS that someone used your Social Security number
  • Mail, email or calls about accounts or jobs in your minor child’s name
  • Unwarranted collection notices on your credit report
  • Businesses turn down your checks
  • You are turned down unexpectedly for a loan or job

How to Protect Your Information

  • Read your credit reports. You have a right to a free credit report every 12 months from each of the nationwide credit reporting companies. To order, go to or call 877-322-8228.
  • Read your bank, credit card and account statements, as well as the medical explanation of benefits from your health plan. If a statement has errors or doesn’t come out on time, contact the business.
  • Shred all documents that show personal, financial and medical information before you throw them away.
  • Don’t respond to email, text and phone messages that ask for personal information. Legitimate companies don’t ask for information this way. Delete the messages.
  • Create passwords that mix letters, numbers and special characters. Don’t use the same password for more than one account.
  • If you shop or bank online, use websites that protect your financial information with encryption. (An encrypted site has https at the beginning of the web address.)
  • If you use a public wireless network, don’t send information to any website that isn’t fully encrypted.
  • Use anti-virus and anti-spyware software, as well as a firewall on your computer.
  • Set your computer’s operating system, web browser and security system to update automatically.

If Your Identity Is Stolen

  • Call one of the nationwide credit reporting companies, and ask for a fraud alert on your credit report. The company you call must contact the other two so they can put fraud alerts on your files. An initial fraud alert is good for 90 days.
    • Equifax: 800‑525‑6285
    • Experian: 888‑397‑3742
    • TransUnion: 800‑680‑7289
  • Order your credit reports. Each report about you is slightly different, so order a report from each company. If you see mistakes or signs of fraud, contact the credit reporting company.
  • Create an Identity Theft Report. An Identity Theft Report can help you get fraudulent information removed from your credit report, stop a company collecting debts caused by identity theft and get information about accounts a thief opened in your name.

To create an Identity Theft Report:

  • File a complaint with the FTC at or 877-438-4338; TTY: 866-653-4261. Your completed complaint is called an FTC Affidavit.
  • Take your FTC Affidavit to your local police, or to the police where the theft occurred and file a police report. Get a copy of the police report.
    The two documents comprise an Identity Theft Report.

Identity theft can rob you of time, money and peace of mind. Implementing a methodical system to prevent, recognize and remedy it is your best line of defense. We hope this article helps you create or refine your plan.


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.


EMV Chips – What They Mean To You


Whether you are a merchant, a consumer or both, EMV chip technology is great news. Also known as smart chip technology, EMV is a global payment standard designed to reduce fraudulent transactions where payment cards are physically present at the time of the transaction.

EuroPay, MasterCard® and Visa® (thus the abbreviation EMV) developed the EMV chip technology to combat counterfeit card fraud. Outside the U.S., more than 130 countries in Asia, Europe and South America, as well as Canada and Mexico, have already embraced the technology, and counterfeit credit card fraud has declined noticeably in those countries.

Here in the U.S., credit cards enabled with an EMV chip are gradually replacing their magnetic strip ancestors. If your payment card has a chip, you will see a small metallic square on the front of the card. Cards still have magnetic strips, too, so that you can use them at merchants that don’t yet accept chip cards.

The difference between EMV cards and the traditional magnetic strip cards is that the EMV chip better protects against unauthorized use by generating a unique number for each sales transaction. The magnetic strips on traditional cards contain unchanging data. When an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again. If a counterfeiter steals the chip information from one specific point of sale, typical card duplication would not work because the stolen transaction number created in that instance wouldn’t be usable again, and the card would be denied. Therefore, even if card data and the one-time code are stolen, the information can’t be used to create a counterfeit card.

EMV cards can be used at stores or at ATMs. The readers may differ, but each includes a slot in which to insert the card – with the EMV chip facing up. Directions on the screen instruct the user about what to do next. Generally, the chip card stays in the machine until the transaction is complete. If your card has an EMV chip and you attempt to swipe the magnetic strip instead, an error will appear and you will be prompted to insert the card for chip processing instead.

Credit and debit card providers are now rolling out the EMV chip cards, providing customers with an extra layer of security and confidence. The Biltmore Bank of Arizona card holders can expect to receive their new cards in the next few months. In the meantime, card holders can continue to use their magnetic strip cards at stores and ATMs.

For merchants, EMV software-equipped terminals offer the most secure way to accept in-store payments and reduce fraud liability risk, especially since the liability shifted to merchants on October 1, 2015 in the event that fraud occurs on a chip card presented in-store and chip card terminals weren’t used.

Additional information about EMV chip technology can be found here.↗


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.


FBI Article: Ransomware on the Rise

We noticed that a lot of you really liked the last FBI cyber security article we ran. We’re pleased the Bureau has encouraged us to share their articles on this topic, so we’re happy to do so again. This article deals with a concerning type of cybercrime called ransomware, where a malware restricts access to the infected computer/network and demands that the operators pay some sort of ransom to regain control of their network. We hope this article is helpful to you. Please let us know if you have information or ideas on this topic that our readers may want to hear.

You can find this article, as well as many other articles you may find valuable to keep your business and staff secure against cybercrime, at this web address:↗

For more information about fraud protection tools and product features provided by The Biltmore Bank of Arizona, please visit our website.

Ransomware on the Rise
FBI and Partners Working to Combat This Cyber Threat

Your computer screen freezes with a pop-up message—supposedly from the FBI or another federal agency—saying that because you violated some sort of federal law your computer will remain locked until you pay a fine. Or you get a pop-up message telling you that your personal files have been encrypted and you have to pay to get the key needed decrypt them.

Screen Shot 2015-12-03 at 10.50.23 AMThese scenarios are examples of ransomware scams, which involve a type of malware that infects computers and restricts users’ access to their files or threatens the permanent destruction of their information unless a ransom—anywhere from hundreds to thousands of dollars—is paid.

Ransomware doesn’t just impact home computers.
Businesses, financial institutions, government agencies, academic institutions, and other organizations can and have become infected with it as well, resulting in the loss of sensitive or proprietary information, a disruption to regular operations, financial losses incurred to restore systems and files, and/or potential harm to an organization’s reputation.

Ransomware has been around for several years, but there’s been a definite uptick lately in its use by cyber criminals. And the FBI, along with public and private sector partners, is targeting these offenders and their scams.

Screen Shot 2015-12-03 at 10.47.22 AMWhen ransomware first hit the scene, computers predominately became infected with it when users opened e-mail attachments that contained the malware.
But more recently, we’re seeing an increasing number of incidents involving so-called “drive-by” ransomware, where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window.

Another new trend involves the ransom payment method. While some of the earlier ransomware scams involved having victims pay “ransom” with pre-paid cards, victims are now increasingly asked to pay with Bitcoin, a decentralized virtual currency network that attracts criminals because of the anonymity the system offers.

Also a growing problem is ransomware that locks down mobile phones and demands payments to unlock them.

The FBI and our federal, international, and private sector partners have taken proactive steps to neutralize some of the more significant ransomware scams through law enforcement actions against major botnets↗ that facilitated the distribution and operation of ransomware.

For example:

  • Reveton ransomware, delivered by malware known as Citadel, falsely warned victims that their computers had been identified by the FBI or Department of Justice as being associated with child pornography websites or other illegal online activity. In June 2013, Microsoft, the FBI, and our financial partners disrupted a massive criminal botnet built on the Citadel malware, putting the brakes on Reveton’s distribution. FBI statement↗ and additional details.↗
  • Cryptolocker was a highly sophisticated ransomware that used cryptographic key pairs to encrypt the computer files of its victims and demanded ransom for the encryption key. In June 2014, the FBI announced—in conjunction with the Gameover Zeus botnet disruption—that U.S. and foreign law enforcement officials had seized Cryptolocker command and control servers. The investigation into the criminals behind Cryptolocker continues, but the malware is unable to encrypt any additional computers. Additional details.↗

If you think you’ve been a victim of Cryptolocker, visit the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (CERT) CryptoLocker webpage↗ for remediation information.

The FBI—along with its federal, international, and private sector partners—will continue to combat ransomware and other cyber threats. If you believe you’ve been the victim of a ransomware scheme or other cyber fraud activity, please report it to the Bureau’s Internet Crime Complaint Center.


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.