How to Protect Your Business

Watch for Suspicious Transaction Activity

  • Review online banking reports and audit reports daily. Verify that ACH, Wire Transfer, and other transactions are valid. INTRUST Bank can assist you in protecting your accounts from both ACH and check fraud with the following procedural steps.
    • Check Positive Pay: A check fraud prevention service that compares checks presented for payment against a list of checks you have issued.
    • ACH Positive Pay: This service posts only ACH debit entries that you have authorized and automatically returns any unauthorized ACH activity on your account.
  • Watch for:
    • Suspicious transactions posting to your account.
    • Activity on Reports that is out of the ordinary.
  • If you suspect that someone is trying to gain access to your online banking information, notify a representative in INTRUST Bank's Treasury Services department. Representatives are available at 800-905-6630, Monday through Friday, 7:30 a.m. to 6:00 p.m. 
    • If an urgent situation arises, you can lock out your User ID by intentionally entering an incorrect password 3 times. This will lock the ID and require either the Admin to unlock it or the bank if you are locking the Admin ID.
  • Take steps to verify and create strong passwords. Our Business Online and Mobile Banking Best Practices
  • When you receive a non-routine request for a payment via email, take the time to contact the individual or business requesting the payment to verify the request is legitimate.


  • Have dedicated computers for accessing INTRUST Bank websites. 
  • Use one computer for transaction entry and approve transactions on another.
  • We strongly encourage you to limit or eliminate employees’ ability to browse the internet on computers that are used for commercial online banking. Establish an internet policy for your company.
  • Schedule daily scans of your computer to check for viruses.
  • Make sure your antivirus software, operating system, firewall, and internet browser are operating properly and are up to date.
  • Install the latest security updates and patches on your computer. If possible, turn on Windows Automatic Updates and schedule automatic installation of critical updates.
  • Read through our basic IT infrastructure article for more information.


  • Keep your passwords secure. User passwords, including PIN numbers and passwords generated from a security token, should never be shared with anyone. Please know that INTRUST Bank will never call and ask for a user's password or a single-use password from a security token.
  • Use different passwords for different websites.
  • Never write passwords down on paper or store them in an unencrypted computer file.
    • Utilize a password vault program that includes strong encryption.
  • When you’re creating a password, you should aim for a longer password.
    • Choose a string of random yet common words (i.e., “surprise house gum dress”) or a passphrase (i.e., “The blue banana danced with Peter Pan”) that can be easier for you to remember but take a long time for a hacker to guess.
    • Passwords should not contain your username, real name, or company name.
  • Read through our Passwords and Password Managers article for more information.


  • Never send sensitive information, such as account numbers, using unsecure email. (See the "Security" section below to determine whether an email is secure.)
  • Treat all unsolicited emails, calls, and text messages with caution. Never click on links from suspicious communications. When in doubt, delete the communication without opening it.
  • INTRUST Bank may send you marketing communication or contact you about your account.
    • We will never ask you to reveal your account password, debit card PIN, or one-time security code. Do not reveal or type this information anywhere or share it with anyone except to securely log in to online and mobile banking using or the INTRUST Bank mobile bank.
  • Learn more about business email compromise, recognizing cybersecurity attacks, and how to train your employees to help protect your business.

Online and mobile banking best practices

  • Do not use Admin login credentials (or users with equivalent permissions) for everyday use.
  • Ideally, setting up a user with administrative rights should only be necessary if that user will have to make system changes. You should limit the number of users with administrative rights to as few as possible.
  • Ensure ACH and wire transfer limits are set at levels appropriate for actual activity.
  • Users should be given only the permissions they need to do their jobs.
  • If you have multiple users performing online banking functions, make sure they are properly trained and understand the importance of keeping your company's banking activity secure.


  • Make sure the website you are visiting is secure. Look for a padlock icon on the browser's status bar and an "https://" instead of the usual "http://.”
  • Just because a website includes https and has a padlock icon does not mean that the website is legitimate. It only tells you that the data is being encrypted. It’s up to you to make sure the website address is legitimate. Only access websites you are familiar with and trust.