Business Security

Safe financial practices can help protect hard-earned profits.

Cybercriminals and scammers are constantly finding new ways to obtain sensitive information from Shenandoah Valley, Virginia, businesses. By fine tuning business banking practices and taking prudent steps when using digital banking tools, your business can fight back against fraud and identity theft.

F&M Bank offers effective cybersecurity tips and services.

Cybersecurity is defined as the “art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”

So what are the best practices for businesses trying to safeguard critical data? Here are some of the ways our bank can help your business - and your business can help itself.

Account Access Security

Use F&M Bank’s Fraud Prevention Services for Business. Our platform allows you to control how your accounts are accessed and who has access to your funds.

Sign up for F&M Cash Management Services.

Provide individual online banking credentials to your staff and enforce various security measures to limit access and functionality.
Enforce time-of-day and IP address restrictions
Dedicate view-only access from transactional access employees

Enroll in Positive Pay with F&M Bank.

Positive Pay matches the check number, dollar amount, and account number against an authorized electronic file provided by your business. We take care of comparing every check presented for payment against the electronic file.
Checks that don’t match this list are presented for your review in F&M’s online banking platform. You determine if it should be paid or returned.

Encourage your vendors to accept your payments via ACH.

Paying via check has been a traditional method of payment for decades. However, your checks include all of your account information and that puts you at risk if your check falls into the wrong hands. With F&M Bank’s cash management platform, your company can send direct electronic payments via ACH to vendors without exposing your sensitive information.

Utilize Business Bill Pay for payments. If the company you’re paying is in the iPay network, they can send the payment electronically, which will reduce delivery time or the need for ACH origination.

Mobile Banking Security Awareness

F&M Mobile is F&M Bank’s secure mobile application that allows clients to manage their bank accounts from a mobile device from any location with mobile data or Wi-Fi connection. Our mobile app allows clients to view account transaction history details, freeze their debit card, transfer funds, submit check-imaged mobile deposits, open anew account, and chat with a bank representative.

Tips For Secure Mobile Banking

F&M Bank will never ask for your password under any circumstances. Do not tell your password to others under any circumstances (including mobile phone support operators or mobile phone sales representatives, etc.). Fraudsters will try to obtain mobile banking passwords by e-mail, letter and phone calls. If you have any doubts, please contact F&M Bank.
Please use strong passwords that are not easily guessable. They should be composed of numbers, letters (upper case and lower case) and special characters.
It is good practice to change your mobile banking password regularly.
Do not lend others your phone with the mobile banking function opened.
F&M Mobile offers facial and fingerprint recognition on iOS and Android devices. Enabling this feature on your device further protects your account from being accessed by an untrusted source if your device is misplaced or stolen.

Online Banking Security

Like F&M Mobile, F&M Bank’s Online Banking platform is a secure portal for clients to access account details, freeze their Visa debit card, set up Bill Pay payments, transfer funds, open a checking account, and chat with a bank representative. Our Online Banking uses several methods to protect your information.

Our system tracks your pattern of accessing our site – meaning it can detect when you are signing into your account from a new device or browser.
Attempts to access your account from a new or unfamiliar device prompts our system to verify your identity with multifactor authentication and security questions you established at account opening.
All information within Online Banking uses the Secure Socket Layer (SSL) protocol for transferring data. SSL is a cryptosystem that creates a secure environment for the information being transferred between your browser and F&M Bank.

Tips For Secure Online Banking

Never give out any personal information including: User names, passwords, Social security number, date of birth.
Create difficult passwords, which include letters, numbers and symbols when possible.
Don’t use personal information for your user names or passwords, such as birth dates and social security numbers.
Avoid using public computers to access your Online Banking.
Don’t give any of your personal information to any website that does not use encryption or other secure protection methods.

Debit Card Protection

Debit card usage and cybershopping have increased dramatically in recent years, and fraudulent use of debit cards has also increased.

We at F&M Bank have some suggestions for you for the care and usage of debit cards.

NEVER give your debit card information when requested by phone, email, or texting. F&M Bank, or any other reputable financial institution will never ever request thank you provide your full debit card number in this manner. Please contact us if you receive any such request.
If you suspect your card has been compromised, misplaced, or lost, contact F&M Bank immediately. You can freeze your card on F&M Mobile and Online banking which will turn your card off to prevent unauthorized charges.

Regulation E: Electronic Fund Transfers

This law is designed to protect consumers making electronic fund transfers. The term “electronic fund transfer” (EFT) generally refers to a transaction initiated through an electronic terminal, telephone, computer, or magnetic tape that instructs a financial institution either to credit or debit a consumer’s asset account.

The Electronic Fund Transfer Act (also known as Regulation E) was issued by the Board of Governors of the Federal Reserve System and adopted in 1978 as an addon to the Consumer Credit Protection Act. The law and regulation establish the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer services and of financial institutions that offer these services.

Business/Commercial clients are not covered by Regulation E. As a result, it is critical that business/commercial clients implement sound security practices within their places of business as outlined in this Program to reduce the risk of fraud and unauthorized transactions from occurring.

Good practices can keep business/commercial clients’ information secure.

Corporate Account Takeover (CATO) is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced onto your systems may go undetected for weeks or months. Account-draining transfers using stolen credentials may happen at any time and may go unnoticed depending on the frequency of your account monitoring efforts.

The good news is, if you follow sound business practices, you can protect your company:

Use layered system security measures: Create layers of firewalls, anti-malware software and encryption. One layer of security might not be enough. Install robust anti-malware programs on every workstation and laptop. Keep the programs updated.
Educate your employees about cyber crimes. Make sure your employees understand that just one infected computer can lead to an account takeover. Make them very conscious of the risk, and teach them to ask the question: “Does this e-mail or phone call make sense?’ before they open attachments or provide information.
Block access to unnecessary or high-risk websites. Prevent access to any website that features adult entertainment, online gaming, social networking and personal e-mail. Such sites could inject malware into your network.
Establish separate user accounts for every employee accessing financial information, and limit administrative rights. Many malware programs require administrative rights to the workstation and network in order to steal credentials. If your user permissions for online banking include administrative rights, do not use the same credentials for day-to-day processing.
Use approval tools in cash management to create dual control on payments. Requiring two people to issue a payment – one to set up the transaction and a second to approve the transaction – doubles the chances of stopping a criminal from draining your account.
Review or reconcile accounts online daily. The sooner you find suspicious transactions, the sooner the theft can be investigated.

Key Contacts

For more information about identity theft and other tips on protecting yourself and your information, please visit the following websites or call the agencies.

iOS and Android Users

Download the F&M Bank app on your mobile device.

Additional Resources and Support

Computer Security

Federal Trade Commission

FDIC Consumer Alerts

U.S. Department of Justice

What Is Identity Theft?

Identity theft involves the unlawful acquisition and use of someone’s identifying information, such as:

Name
Address
Date of birth
Social Security number
Mother’s maiden name
Drivers license number
Bank or credit card account number

Mature man looking at a digital tablet that a colleague is showing at work

How Do I Protect Myself?

Report lost or stolen checks or credit cards immediately.

Never give out any personal information, including birth date, SSN, or Passwords
Shred all documents containing personal information, like bank statements, unused checks, deposit slips, credit card statements, pay stubs, medical billings, and invoices
Don’t give any of your personal information to any websites that do not use encryption or other secure methods to protect it

The security of your company’s money and identity is as important to us as it is to you.

Let’s work together to protect it.

Securing Your Business

Is your company keeping information secure?

Are you taking steps to protect sensitive information?

Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

Take stock. Know the nature and scope of the sensitive information contained in your files and on your computers.
Scale down. Keep only what you need for your business.
Lock it. Protect the information in your care.
Pitch it. Properly dispose of what you no longer need.
Plan ahead. Create a plan to respond to security incidents.

The following information is provided by the Federal Trade Commission, Bureau of Consumer Protection.

How To Take Stock

Know the nature and scope of the sensitive information contained in your files and on your computers.

Take inventory of all file storage and electronic equipment. Where does your company store sensitive data?
Talk with your employees and outside service providers to determine who sends sensitive information to your business, and how it is sent.
Consider all of the methods with which you collect sensitive information from customers, and what kind of information you collect.
Review where you keep the information you collect, and who has access to it.

How To Scale Down

Keep only what you need for your business.

Use Social Security numbers only for required and lawful purposes. Don’t use SSNs as employee identifiers or customer locators.
Keep customer credit card information only if you have a business need for it.
Review the forms you use to gather data — like credit applications and fill-in-theblank web screens for potential customers — and revise them to eliminate requests for information you don’t need.
Change the default settings on your software that reads customers’ credit cards. Don’t keep information you don’t need.
Truncate the account information on any electronically printed credit and debit card receipts that you give your customers. You may include no more than the last five digits of the card number, and you must delete the card’s expiration date.
Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.

How To Lock It

Protect the information that you keep.

Put documents and other materials containing sensitive information in a locked room or file cabinet.
Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
Implement appropriate access controls for your building.
Encrypt sensitive information if you must send it over public networks.
Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
Require employees to use strong passwords.
Caution employees against transmitting personal information via e-mail.
Create security policies for laptops used both within your office, and while traveling.
Use a firewall to protect your computers and your network.
Set “access controls’ to allow only trusted employees with a legitimate business need to access the network.
Monitor incoming Internet traffic for signs of security breaches.
Check references and do background checks before hiring employees who will have access to sensitive data.
Create procedures to ensure workers who leave your organization no longer have access to sensitive information.
Educate employees about how to avoid Phishing and phone pretexting scams.

How To Pitch It

Properly dispose of what you no longer need.

Create and implement information disposal practices.
Dispose of paper records by shredding, burning, or pulverizing them.
Defeat “dumpster divers’ by encouraging your staff to separate the information that is safe to trash from sensitive data that needs to be discarded with care.
Make shredders available throughout the workplace, including next to the photocopier.
Use a “wipe’ utility programs when disposing of old computers and portable storage devices.
Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.

How To Plan Ahead

Create a plan for responding to security incidents.

Create a plan to respond to security incidents, and designate a response team led by a senior staff person(s). ITEM: Business Security
Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others — a lost laptop or a hack attack, to name just two — are unfortunate, but foreseeable.
Investigate security incidents immediately.
Create a list of who to notify — inside or outside your organization — in the event of a security breach.
Immediately disconnect a compromised computer from the Internet.

F&M Bank Contacts

You are protected in a variety of ways when you use F&M Mobile and Online Banking; however it is important to contact F&M Bank in the event you that your company’s online access has been compromised. Also, report any unauthorized or unexpected transactions immediately.

Your account is protected against fraudulent transactions in a number of ways, so monitor your account balances and transactions frequently. If you want to report suspicious activity in your account(s), or if you have questions about the security of your account(s), you can call us at:540-896-8941, contact your local F&M Bank location, e-mail us at csc@fmbankva.com, or start a chat with a banking representative on our mobile banking app or online banking portal.