Corporate Account Takeover (CATO) is a form of corporate identity theft where a business's online banking credentials are stolen by malware. Criminal entities can then initiate fraudulent banking activity, including wire transfers and ACH payments. CATO fraud is the compromise of the customer's identity credentials and NOT a compromise of the ACH Network, wire transfer system, or bank systems. CATO is specific to compromises on individual/business computers.
Losses from Corporate Account Takeover are not covered under Regulation E and, by agreement, are generally the responsibility of the customer; therefore, corporations and businesses need to take proper precautions to protect their computers and financial information to avoid financial and reputation losses.
Businesses need to evaluate their systems. Systems should have secure internet browsers. There are several products available, and the type of protection/security software is the individual choice of each business or corporation.
Some of the signs of a compromised computer are:
- "System Unavailable" messages while banking online
- Changes in the way your online banking application appears
- Unexpected requests for a one-time password/token in a session
- Unusual pop-up messages, especially in the middle of an online banking session
- Computer locks up
- Dramatic loss of PC speed
- Unexpected rebooting or restarting of PC
- New or unexpected toolbars or icons
- Inability to shut down or restart computer
- Warnings from anti-virus or anti-malware software
Suggestions for Computer Security:
- Establish a dedicated computer for online banking
- Prohibit web browsing, emailing and social networking
- Use anti-virus and anti-spyware technology
- Use secure browser technology
- Do not leave computers unattended or unlocked
- Use spam filters and pop-up blockers
- Install routers and firewalls to prevent unauthorized access
- Use strong password policies
- Do not use public Wi-Fi hotspots such as in cafes and airports
Best practices for safe business online banking:
- Reconcile banking transactions on a daily basis
- Education is Key - Train your employees
- Utilize separation of duties when initiating ACH and/or wire transfers—one person originates the transaction on one computer and another person approves the transaction on another computer
- Immediately report suspicious transactions to Liberty Bank by calling (800) 883-3943.
- Install a firewall to help limit unauthorized access to the network and/or computer
- Create strong passwords and do not use your business online banking password for other sites
- Do not download "Free versions" of anti-virus programs. Free versions do not provide "real-time" protections
- Ensure that computers are patched regularly, particularly operating systems and key applications
- Install anti-spyware/anti-malware software and update it often
What to do if you are a victim of Corporate Account Takeover (CATO):
If you should become a victim of Corporate Account Takeover, you should immediately contact the bank and law enforcement.
- Immediately cease all activity from computer systems that may be compromised. Disconnect the network connections to isolate the computer from internet access.
- Immediately contact the bank at (800) 883-3943, stating that you believe that you are a victim of Corporate Account Takeover (CATO). Request assistance with the following actions:
  - Disable online access to accounts
  - Change online banking passwords
  - Open new accounts as appropriate
  - Request that the bank review all recent transactions and electronic authorization on the accounts
  - Ensure that no one has requested an address change, re-ordered checks, ordered debit cards, or made any changes to be sent to a different address
- Maintain written documentation of what happened, what was lost and the steps taken to report the incident to the various agencies, banks, and firms impacted. Be sure to record the date, time, and telephone number, person spoken to, and any relevant report or reference number and instructions.
- File a police report and provide the facts and circumstances surrounding the loss. Obtain a police report number with the date, time, department, location and the name of the officer taking the report or involved in the subsequent investigation. Having a police report on file will facilitate dealing with insurance companies, banks, and other establishments that may be the recipient of fraudulent activity. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering losses.
Resource for Business Account Holders
Visit the corporate account takeover resource center at www.nacha.org.