Security Procedures

Home » Security Procedures

Protecting Your Privacy & Funds

First Business Bank (“Bank”), takes the security of your financial information very seriously. We have a robust Information Security Program that includes investing in technology to protect your confidential information from outside attack, ensuring that bank records are maintained in secured facilities, and providing regular training to employees on the Bank’s security policies as well as proper methods to communicate with you, our clients, in a secure and confidential manner.

Identity theft, check fraud, corporate account takeover, and other financial fraud schemes are ever increasing and becoming more sophisticated. We recognize the importance of having Security Procedures to assist and protect you from these types of fraud schemes and have put together commercially reasonable Security Procedures (“Security Procedures”) to minimize risk while managing personal and corporate accounts.

If you are a business, please share this information with employees that interact with your finances.

The Bank staff will never initiate a request for sensitive information from you (i.e. social security number, personal login ID, password, PIN or account number) through an unsolicited email message or phone call.

SECURITY PROCEDURES

Learn more about the Security Procedures.

Fraud Prevention

Anyone who uses the internet or makes payments is a potential target for fraudsters. At First Business Bank, our first priority is protecting your business and personal information.

How we protect you:

Our team is trained on how to detect fraud and employs various mitigants to reduce fraud risk.
We have strict access control of our facilities, including 24/7 surveillance and security systems.
First Business Bank’s internet banking application will automatically log you out after 15 minutes of inactivity. This timed log-off reduces the risk of unauthorized access to your account from an unattended computer.
We provide multi-factor authentication that utilize user IDs and passwords (“Codes”) to identify clients when logging into internet banking or the mobile applications plus at least one other method of security for high-risk transactions, such as wire transfers or ACH.
First Business Bank’s mobile applications (for smartphones, tablets and other mobile devices) will automatically log you out after five minutes of inactivity. This shortened log-off period helps reduce risk from unauthorized access to your account if your mobile device is lost or stolen.
We encrypt your confidential banking data to protect it enroute to and from our servers.
We monitor payment channels for suspicious transactions to detect fraud.

How you can protect yourself:

First Business Bank needs you to be our partner in the fight against fraud. Security Procedures you should follow to reduce the risk of fraud and theft include:

Never reply to emails, phone calls, or text messages that request your business or personal information. First Business Bank will never contact you by email, phone, or text to ask for your account number, PIN, or any other confidential information. First Business Bank will only ask for confidential account information, such as account number, balance information, TIN or SSN, in response to a request initiated by you to verify you or your business’s identity for a wire transaction.
Sign up for alerts via internet banking for balance, transaction, and other alerts.
Go paperless; sign up for electronic statements and bill pay to eliminate paper invoices and the potential for checks and paper statements to be stolen out of the mail.
Sign up for First Business Bank’s Payee Positive Pay, Positive Pay, ACH Positive Pay, ACH Block and Filter, and SecurLOCK Equip.
Monitor your accounts. Review transactions on your account every day. If you identify something suspicious, contact First Business Bank immediately. Our contact information can be found here: https://firstbusiness.bank/locations/
Only do business with companies you know and trust. If you receive new payment instructions, contact the vendor at a phone number you have on your system to verify the legitimacy of the request. Do not rely on a phone number received from the vendor as it may be fraudulent.
Use anti-malware protection on your mobile devices and computers and update them frequently.
Use strong passwords for PCs and mobile devices and change them frequently. Use remote wipe capability for lost mobile devices to ensure sensitive information is not stolen.

The Security Addendum in the Master Treasury Management Services Agreement sets forth the required commercially reasonable Security Procedures that apply to all Services used by you. You agree to be bound by the Security Addendum regardless of the medium through which you access the Services. It is critical you understand and implement the Security Procedures. If you don’t, you could be liable for losses resulting in fraud.

CORPORATE ACCOUNT TAKEOVER AND IDENTITY THEFT

Identity theft occurs when your personal or business information is stolen and is used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your reputation. Common fraud detection and prevention services available include ID theft insurance for consumers, ACH Positive Pay, and Payee Positive Pay. First Business Bank strongly recommends all of them.

If you are a consumer, you may request a free credit report from each of the three major credit bureaus once a year. Thanks to a new law, you may freeze and unfreeze your credit file for free. This restricts access to your credit file, making it harder for fraudsters to open new accounts in your name.

Corporate account takeover is the business equivalent of personal identity theft. Fraudsters gain access to a business’s finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive business information that may not be recoverable. Business email compromise (“BEC”) schemes are a type of corporate account takeover and involve impersonating commercial victims to submit seemingly legitimate transaction instructions for First Business Bank to execute. It is also an exploit in which the fraudster gains access to a corporate email account and impersonates the owner or business executive’s identity to defraud the company. In account takeover activity, fraudsters access victims’ accounts and are able to directly or indirectly execute transactions.

First Business Bank requires the following Security Procedures to mitigate the risk of corporate account takeover:

Educate your employees about the warning signs, safe practices, and responses to a suspected takeover.
Protect your cyber environment. Do not use unprotected internet connections. Encrypt sensitive data and keep your network and computers updated with anti-virus software. Use complex passwords and change them frequently.
Use First Business Bank’s Positive Pay, Payee Positive Pay, ACH Block and Filter, and other fraud-prevention services.
Use dual control for all monetary transactions; separate the approver from the person inputting the transaction into accounting software or Online Banking.
Use segregation of duties for reconciling statements. The person initiating the payment must not be the person that performs reconciliation.
Use Online Banking alerts for minimum balances, monetary batch limits, unusual transactions, and password changes.
Pay attention to suspicious activity and react quickly. Watch for unexplained account or network activity, pop-ups, and suspicious activity. If detected, immediately contact First Business Bank at https://firstbusiness.bank/locations/. Stop all online activity, remove any system that may be compromised, and contact ic3.gov, the reporting mechanism to submit information to the Federal Bureau of Investigation and law enforcement concerning suspected internet-facilitated criminal activity.