
Fraud Prevention Best Practices

March 28, 2014
This document provides you with the best practices you can use to avoid or minimize fraud exposure.

General Guidelines
  • Do not use public or other unsecured computers.
  • Review account balances and detailed transactions on a daily basis to confirm payment and other transaction data, and immediately report any suspicious transactions to your financial institution.
  • View transfer history available through the account activity information.
  • Whenever possible, make electronic payments instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.
  • Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
  • Never leave a computer unattended with personal or financial information displayed.
  • Never conduct banking transactions while multiple browsers are open on your computer.
User ID and Password Guidelines
  • Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
  • Change your password frequently.
  • Never share username and password information.
  • Avoid using an automatic login feature that saves usernames and passwords. 
Tips to Avoid Phishing, Spyware and Malware
  • Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
  • If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
  • Ensure computers are patched regularly, particularly the operating system and key applications, with security patches.
  • Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
  • Check your settings and select, at least, a medium level of security for your browsers.
  • Be advised that repeatedly being asked to enter your password is a sign of potentially harmful activity.
  • Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.
Tips for Wireless Network Management
Wireless networks can provide an unintended open door to your business network. Unless a valid business reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate business purposes, it is recommended that wireless networks be secured as follows:
  • Change the wireless network hardware (router / access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
  • Disable remote administration of the wireless network hardware (router / access point).
  • If possible, disable broadcasting the network SSID.
  • If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.
  • If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.
Risk Assessments and Controls
Banco Popular conducts risk assessments of its systems to identify and strengthen controls to detect and prevent fraud attempts. However, we recommend that you periodically perform risk evaluations of your information systems and internal processes to identify whether additional controls are necessary or existing controls need to be strengthened. In addition, Banco Popular has commercial services that will help reduce the risk of fraud in your business. Learn about the services that will help you manage your business finances safely and reliably.
  • Account management, balance information and electronic account statement: Web Cash Manager, Mi Banco Comercial, E-Commercial Statement
  • Electronic payments to employees, suppliers and Wire Transfers: Web Cash Manager ACH Module, Web Cash Manager Wire Transfer Module
  • Reconciliation Services: Simple Check, Positive Pay
Phone calls from Banco Popular
Banco Popular will not call requesting sensitive information about your commercial or personal account. Be alert if you receive a call requesting sensitive account information such as your user name, password or secret PIN number. If you receive this type of call, immediately contact the Business Banking Center to report the event. If you notice a transaction not authorized by your business, immediately contact the Business Banking Center at 787 756-3939 or 1 855 756-3939.

For more advice on how to take action and prevent fraud in your business visit the security business section.

  This article is for informational purposes only and does not constitute an endorsement or guarantee of accuracy or applicability for any particular purpose. Neither Popular nor any of its affiliates, subsidiaries, or related companies shall be liable for any special, direct, or indirect harm stemming from the information contained in this article. Should you require further information or guidance on the subject of this article, you should always seek the advice of a competent professional of your choice.