Fraud Mitigation Strategies - Business Customer Checklist


Huntington is committed to assisting our clients in mitigating the risks associated with online fraudulent activity. As part of that commitment, Huntington has compiled a checklist of some recommended best practices in an effort to reduce the potential for online fraudulent activity. If you have any questions, please contact your Account Officer.


Operational Controls

  • Establish dual-approval for all wire transfers
  • Set employee transaction limits
  • Review your account balance online on a daily basis to identify fraudulent transactions as soon as possible.
  • Limit the number of employees with Administrator access. Employees should be granted the least privilege necessary to perform their job function.
  • Establish procedures to ensure employee access is disabled for any employee no longer employed by or associated with the company. Review employee access periodically to ensure access levels are still appropriate and commensurate with job function.
  • Implement a vulnerability management policy and establish procedures for the timely updating of operating systems, network devices, and security software.
  • Create policies outlining acceptable use of corporate assets, specifically as they relate to web browsing, e-mailing, and social networking.
    • Ensure all employees are aware of the dangers of opening attachments or clicking links in e-mails from unknown sources.
    • Consider limiting access to the corporate network to corporate owned/supported assets only. Establish policies for accessing the corporate network with personal devices.


Technology Controls

  • Protect your computers from malicious programs by installing and regularly updating anti-virus and anti-spyware software.
  • Download and install Trusteer Rapport: Rapport is online fraud and identity theft protection software that protects your username, password and other login information. It provides an additional layer of defense beyond traditional anti-virus software.
  • Restrict access to removable media devices (e.g., CDs, DVDs, or USB devices).
    • This reduces the potential for malicious programs being released onto the corporate network via these devices.
  • Use an e-mail service that blocks or removes file attachments that are commonly used to spread malicious programs (e.g., .VBS, .BAT, .EXE).
  • Consider deploying a computer dedicated to online banking.
    • Turn off, remove, or restrict access to unnecessary services and applications.
  • Install routers and firewalls to prevent unauthorized access to your corporate network.
    • Consider deploying an intrusion detection system.
    • Consider implementing a web proxy to manage and monitor access to the Internet.
    • Change the default passwords on any network devices.