Online business banking is a valuable business tool if it is conducted securely. City National is committed to providing our business clients with the technology and resources that will help you with the safety and security of your online banking transactions.
Helping to safeguard your online business banking transactions is a shared responsibility.
City National provides the following safeguards:
Secure Log-on - Access to the bank's payment systems are allowed only after users log-on using current passwords. Users are automatically "locked out" after a pre-set number of unsuccessful log-on attempts or after a specified time period.
Multifactor Authentication - When a user attempts to access the system using an unrecognized computer, this screening process asks a series of security questions, requiring answers given by and known to the user.
Monitoring – We are constantly monitoring our systems for unusual activity and will contact your System Administrator if we suspect unauthorized use of one of your user’s profiles.
Multi-user Management Controls – Your company System Administrator establishes access controls for all end-users, specifying which accounts employees can access and the types of transactions they can conduct. One critical control is to require dual approvals for funds movement, such as ACH and wire transactions. Controls also can help audit and track all user transactions and activities.
Security Token Technology - Security token codes uniquely generated during each use are required to authenticate wire and ACH transactions only at the time transaction(s) are to be released.
- City National does not ask for your security token code information at any other time, such as at login or to verify your identity. Asking for your security token code at other times is a known tactic of hackers and entering or providing your security token code may allow an unauthorized financial transaction for which you will be responsible. Immediately contact your System Administrator and Treasury Management Client Services if you receive such a request.
How you can safeguard your online banking activities:
You can help protect your systems against fraud and loss to you by reviewing the following recommendations and instituting strong controls with your business:
- Secure your computer – If possible, conduct all online banking activities from a dedicated computer with up-to-date software and on a secure network.
- Password protection - Require password protection for all devices your company may use for online banking activities – computers, tablets and mobile phones. Educate your staff who may use their personal devices when away from the office.
- Device protection software - Ensure all your devices have up-to-date antivirus software, anti-spyware software, anti-adware software and a firewall.
- Manage administrative rights - Limit administrative rights on any computer that will be used to access online banking to minimize potential for malware infection.
- Monitor account activity - Review and reconcile banking transactions on a daily basis.
- Dual control for user administration - Require dual approval for user administration, creating an automatic review process for any new user creation or modification of entitlements.
- Dual control for money movement - Require dual approval for funds movement, such as ACH and wire transactions and wire templates.
- Implement transaction limits – If your users will only make transactions no higher than a certain value, make sure to establish transaction limits.
- Different computer for approvals - Use different computers to originate and approve a transaction.
- End your banking session - Log out of online banking as soon as the transaction is complete.
- Beware of suspicious activity - Contact Treasury Management Client Services immediately at (800) 599-0020 if you suspect any unauthorized activity or notice any unusual error messages when logging onto an online system.
- Beware of social engineering threats – Develop controls and train your staff to always verify requests.
- Implement a change control verification process for requests to change payee contact information on file, e.g., phone, address, account number, point of contact, new vendor.
- If your staff receives an email request to complete a transaction, verify the source of the request with a call to the person’s desk or mobile phone on file.
- If your staff receives a phone request about a transaction, verify the source with an email and call back to the requestor’s phone on file.
- Keep tokens up to date. Over time, token batteries will decline in power and eventually the token will become inoperable. When your token screen loses contrast, it’s a sign your System Administrator should request a new one only by calling Treasury Management Client Services, who will validate your request for your protection and arrange to send you a replacement.
These recommendations are not exclusive and may not protect you in all circumstances. Remember, only you can prevent fraudulent transactions and unauthorized access to your accounts. You are responsible for maintaining the security of your systems and business banking transactions.
If you have a question about the validity of an email you receive or any unusual messages or Screens or other suspicious activity, contact Treasury Management Client Services at (800) 599-0020, Monday - Friday 5:30 a.m. - 7 p.m. Pacific Time.
Your Treasury Management Services Disclosure and Agreement provides additional information regarding security and equipment requirements.