FDIC-Insured — Backed by the full faith and credit of the U.S. Government
Search    
menu

Security Best Practices

Client best practices and controls for business online banking

Carrollton Bank recommends that you review your controls annually and perform a risk assessment on a regular, periodic basis.

Account Controls & Recommendations

  • Clients should be proactive about learning about account features that may protect their accounts, such as daily transaction limits, security alerts and secure access codes.
  • Recommend reconciliation of all banking transactions on a daily basis, preferably at the beginning and the end of each day.
  • Recommend customers initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer, using separate computers.
  • Review online banking user IDs and access levels with the bank on a regular basis, ensuring correct additions or deletions, etc.
  • Do not have user IDs that contain sensitive information, such as an account number or Social Security number.
  • Create a strong password with at least twelve characters that includes a combination of mixed case letters, numbers and special characters.
  • Do not share usernames and passwords.
  • Change the password a few times each year, perhaps even more than the required amount.
  • Clients must familiarize themselves with the institution's account agreement and with the customer's liability for fraud under the agreement.
  • Immediately escalate any suspicious transactions to the financial institution, especially ACH or wire transfers. There is a limited recovery window for these transactions, and immediate escalation may prevent further loss.

Internet Controls & Recommendations

  • Avoid accessing your bank, brokerage, or other financial services information on networks you don't control, such as those at internet cafes, airports, hotels, or public libraries. These networks may have unauthorized software installed that can steal your account numbers and sign-on information, putting you at risk of fraud. Online banking users should be cautious of suspicious emails. Phishing emails often look like they come from financial institutions or agencies such as the IRS, FDIC, NACHA, or FBI. Phishing emails may also appear to be from a known source, such as UPS, FedEx, etc. They may request account information or verification of banking credentials. We will not send you an email stating that our website is down, or your credentials have expired. Do not open any such emails. Opening file attachments or clicking on links could expose the system to malicious code that could hijack your computer. You may forward suspicious-looking emails to: report@enterprisebank.com.
  • Use a unique password for each website that you access. Using the same password for Online Banking that you use for other online accounts may put your account at risk if someone is able to capture that password.
  • Ensure you are using a secure session (e.g., https instead of http) in your browser for all online banking and when submitting or handling sensitive information online. After using online banking, be sure to log out of the session and close out the internet browser. Never leave a computer unattended while accessing online accounts.
  • Watch out for sudden pop-up windows asking for personal information or warning of a virus, or a warning of virus protection that has expired. This is known as “scareware” because it frightens people into providing information, downloading malicious software or paying for removal.
  • Pay attention to the toolbars at the top of your screen. Current versions of the most popular internet browsers often will indicate if you are visiting a suspicious website.
  • Be careful if you download software onto a cell phone. Software download to a phone has the potential to contain spyware or malicious code, which could allow a hacker access to your online banking application. Before downloading online banking software, check with the financial institution to make sure this option is safe and supported.
  • Consider purchasing cyber fraud insurance and session protection technology.
  • Subscribe to the FDIC Consumer News. This provides practical guidance on how to become a smarter, safer user of financial services. You can also read prior issues by going to www.FDIC.gov, and in the search engine put “FDIC Consumer News.”

System Controls & Recommendations

  • Use a secure and updated device for online banking activities. Ensure your antivirus software is active and up-to-date, and avoid accessing suspicious websites or emails while conducting online banking.
  • Remove administrator rights on users' workstations to help prevent the inadvertent installation of malware or viruses.
  • Install anti-virus and desktop firewall software on all computer systems. Ensure virus protection and security software are updated regularly. Anti-virus is only secure if it has the most recent signatures and updates.
  • Consider a dedicated, actively managed hardware firewall, especially if you have a broadband or dedicated connection to the internet, such as DSL or cable.
  • Ensure computers are patched regularly with security patches, especially the operating system and key applications.
  • If you outsource IT work, make sure you choose a reputable company and/or qualified technical professional to manage your computer systems and network. The security of your company’s data depends on the capabilities of the IT staff who maintain it.

If you have any questions about any of these suggestions/best practices, please refer to your company IT department or IT or cyber consultant. These recommendations were developed by multiple sources of industry professionals, including the FDIC and NACHA for business customers that want to protect their online banking credentials and strengthen ACH and wire security.

Contact Us

(833) 896-2850

security@carrolltonbanking.com

Find your Carrollton Bank

©2025 Carrollton Bank

Equal Housing Opportunity

Third Party Site Disclaimer

You are leaving Carrollton Bank's website and will be redirected to another site. Carrollton Bank makes no endorsement or claims about the accuracy or content of the information contained in these sites. The security and privacy policies on these sites may be different than Carrollton Bank.

« Cancel Continue » ×

Warning!

Regular email is not secure. Please do not include any personal or financial information when contacting Carrollton Bank via email.

« Cancel Continue » ×