Fraud Prevention Guidelines

Take steps to ensure that you are the only one with access to your personal information

With attacks on personal and financial information becoming more sophisticated and aggressive, now is the time to take action to protect yourself. Redwood Capital Bank offers many tools and services to help prevent and detect financial fraud.

Redwood Capital Bank will never solicit the following information via email:

User IDs
Passwords
Social Security Numbers
Card or account numbers
Credit card security codes (CCV)

Account Options

General Guidelines

Do not use public or other unsecured computers for logging into Online Banking.
Check your last login date and time every time you log in.
Review account balances and detail transactions regularly (daily, if possible) to confirm payment and other transaction data and immediately report any suspicious transactions to your financial institution.
View transfer history available through viewing account activity information.
Whenever possible, use Bill Pay instead of checks to limit account number exposure and to obtain better electronic recordkeeping.
Take advantage of and regularly view system alerts, examples include:
- Balance alerts
- Transfer alerts
- Password change alerts
- ACH alerts (for cash management users)
- Wire alerts (for cash management users)
Do not use account numbers, your social security number or other account or personal information when creating account nicknames or other titles.
Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
Review historical reporting features of your Online Banking application on a regular basis to confirm payment and other transaction data.
Never leave a computer unattended while using Online Banking.
Never conduct banking transactions while multiple browsers are open on your computer.
An FBI recommended best practice is to suggest that company users dedicate one computer solely for financial transactions (for example, no web browsing, emails or social media).

Tips to Protect Online Payments and Account Data

Take advantage of transaction limits. Establish limits for monetary transactions at multiple levels: per transaction, daily, weekly or monthly limits.
When you have completed a transaction, ensure you log off to close the connection with the financial organization's network.
Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.

Account Transfer

Use limits provided for monetary transactions at multiple levels: per transaction, daily, weekly or monthly limits.
Review historical and audit reports regularly to confirm transaction activity.
Utilize available alerts for funds transfer activity.

ACH (Automated Clearing House)

Use pre-notification transactions to verify that account numbers within your ACH payments are correct.
Use limits for monetary transactions at multiple levels: per transaction, daily, weekly or monthly limits.
Review transaction reporting regularly to confirm transaction activity.
Utilize available alerts for ACH activity.
Limit administrative rights on users workstations to help prevent the inadvertent downloading of malware or other viruses.
Dedicate and limit the number of computers used to complete Online Banking transactions. Do not allow internet browsing or email exchange and ensure these computers are equipped with latest versions and patches of both anti-virus and anti-spyware software.
Delete online user IDs as part of the exit procedure when employees leave your company.
Assign dual system administrators for online cash management services.
Use multiple approvals for monetary transactions and require separate entry and approval users.
Establish transaction dollar limits for employees who initiate and approve online payments such as ACH, wire transfers and account transfers.

Tips to Avoid Phishing, Spyware and Malware

Do not open email from unknown sources. Be suspicious of emails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on web links in suspicious emails could expose your system to a virus that could damage your computer.
Never respond to a suspicious email or click on any hyperlink embedded in a suspicious email. Call the purported source if you are unsure who sent an email.
If an email claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product. Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
Ensure computers are patched regularly, particularly operating system and key applications with security patches.
Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
Check your settings and select a medium-level security for your browsers.
Clear the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser's preferences menu.

Tips for Wireless Network Management

Wireless networks can provide an unintended open door to your business network. Unless a valid business reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate business purposes, it is recommended that wireless networks be secured as follows:

Change the wireless network hardware (router/access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
Disable remote administration of the wireless network hardware (router/access point).
If possible, disable broadcasting the network SSID.
If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.
If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.

To Report Identity Theft and Fraud

If you have been a victim of identity theft or suspect to be one, follow these steps as quickly as you can:

Contact the three national credit bureaus (www.experian.com, www.equifax.com and www.transunion.com) and ask them to place a "Fraud Alert" to your credit file.
File a report with the local police department or the FBI.
Order your credit reports. Once you have placed an initial "Fraud Alert," you are entitled to a free credit report from each of the three credit reporting companies.
Contact your creditors (by telephone and in writing) to inform them of the problem.
If mail use is suspected, notify your local postmaster.
Contact Redwood Capital Bank immediately at (707) 444-9800 so that we can watch for any unusual activity or suggest other means of protecting your account.
Request that any personal indentification number (PIN) or passwords used for account access are changed.

Resources

Report to CISA (Cybersecurity & Infrastructure Security Agency)
Federal Deposit Insurance Corporation (FDIC) Consumer Protection
FDIC Insurance Estimator
FDIC Office of the Ombudsman Regional Ombudsman, Terre E. Price (415) 808-8114
Federal Trade Commission (FTC) Hotline for Consumers to Report Incidents of Identity Theft: 1-877-ID-THEFT (1-877-438-4338)
Social Security Administration's Fraud Hotline: 1-800-269-0271

Credit Bureaus

Equifax
1-800-685-1111 Credit Reports
1-800-525-6285 Fraud Department
P.O. Box 740241
Atlanta, GA 30374
www.equifax.com

Experian
1-888-397-3742 Credit Reports
1-888-397-3742 Fraud Department
P.O. Box 2002
Allen, TX 75013
www.experian.com

Trans Union
1-800-916-8800 Credit Reports
1-800-680-7289 Fraud Department
P.O. Box 2000
Chester, PA 19022
www.transunion.com

User ID and Password Guidelines

Create a “strong” password with at least eight (8) characters that includes a combination of mixed case letters, numbers and special characters.
Change your password frequently.
Never share username and password information with third-party providers.
Avoid using an automatic login feature that saves usernames and passwords.