Watch for Suspicious Activity
- Review online banking reports and audit reports on a daily basis. Verify that ACH, Wire Transfer and other transactions are valid. INTRUST Bank can assist you in protecting your accounts from both ACH and check fraud with the following procedural steps.
- Check Positive Pay: A check fraud prevention service that compares checks presented for payment against a list of checks you have issued.
- ACH Positive Pay: This service posts only ACH debit entries that you have authorized and automatically returns any unauthorized ACH activity on your account.
- Things to watch for:
- Suspicious transactions posting to your account
- Activity on Reports that is out of the ordinary
- If you suspect that someone is trying to gain access to your online banking information, notify a representative in INTRUST Bank's Treasury Services Department. They can be reached from 7:30 am to 6:00 pm at 316-383-1494 or toll free at 800-905-6630.
- If an urgent situation arises, you can lock-out your User ID by intentionally entering an incorrect password 3 times. This will lock the ID and require either the Admin to unlock it or the bank if you are locking the Admin ID.
- Have dedicated PC(s) for accessing bank sites.
- Use one computer for transaction entry and approve transactions on another.
- We strongly encourage you to limit, or better yet, eliminate web surfing activity on those PCs that are used for commercial online banking. Establish an internet policy for your company.
- Schedule daily scans of your computer to check for viruses.
- Make sure your antivirus software, operating system, firewall and internet browser are operating properly and are up to date.
- Install the latest security updates and patches on your computer. If possible, turn on Windows Automatic Updates and schedule automatic installation of critical updates.
- Keep your passwords secure. User passwords, including PIN numbers and passwords generated from a security token, should never be shared with anyone. Please know that INTRUST Bank will never call and ask for a user's password or a single-use password from a security token.
- Use different passwords for different websites.
- Never write passwords down on paper or store them in an unencrypted computer file.
- Utilize a password vault program that includes strong encryption.
- Change passwords regularly.
- Use strong passwords.
- Use a combination of upper and lower case letters, numbers and keyboard symbols.
- Passwords should not contain your username, real name or company name.
- Never send sensitive information, such as account numbers, via unsecure email. (See "Security" below to determine whether an email is secure.)
- Treat all unsolicited emails with caution and never click on the links from such emails to visit unknown websites. When in doubt, delete the email without opening it.
- As a convenience to you, emails from INTRUST may include links to reach pertinent information on our website. However, if you suspect that an email appearing to be from INTRUST is fraudulent (from an illegitimate source posing as INTRUST) or if the online banking website does not include the personal security cues you're accustomed to seeing when logging in, we recommend that you login to our online banking websites by opening intrustbank.com in a new browser window instead of the links provided in emails.
- Do not use Admin login credentials (or users with equivalent permissions) for everyday use.
- Ideally, users with administrative rights should only be used when making changes to the system. You should limit the number of users with administrative rights to as few as possible.
- Ensure ACH, Wire and Book Transfer limits are set at levels appropriate for actual activity.
- Users should be given only the permissions they need to do their jobs.
- If you have multiple users performing online banking functions, make sure they are properly trained and understand the importance of keeping your company's banking activity secure.
- Make sure the website you are visiting is secure.
- If the website you are visiting is on a secure server, then should start with "https://" instead of the usual "http://"
- Look for a padlock icon on the browser's status bar.
- Please note that the fact the website is using encryption does not mean that the website is legitimate. It only tells you that the data is being sent encrypted.