Fighting fraud with education

COVID-19 has exacerbated vulnerabilities to fraud. To combat this trend, Tompkins VIST Bank has been delivering valuable education to its small business customers to keep them informed and protected.

Community banks are experts at safeguarding sensitive information—it’s just part of the job. So, it seems natural that they’d fall into the role of keeping their business and retail customers up to speed about all things cybersecurity. And, during the pandemic, this seems especially important, as cyberattacks appear to be on the rise.

Equipping its customers with the know-how to prevent fraud is a job that $1.9 billion-asset Tompkins VIST Bank in Wyomissing, Pa., takes seriously.

“Cyberthreats to businesses have increased during COVID, because companies are doing more business online and have fewer resources to monitor processes,” says Paula Barron, senior vice president of community banking. “As a community bank, small to medium-sized businesses are our specialty. And as a financial institution, we’re used to guarding against cyberthreats, so we wanted to pass our knowledge on to our business customers during this difficult time.”

In 2020, amid the pandemic, Tompkins VIST Bank introduced a series of cybersecurity webinars aimed at helping customers avoid cybersecurity risks. “We are planning to do more on this subject this year geared to businesses’ ongoing needs,” Barron says.

During these webinars, the community explains where customers and businesses are vulnerable to hackers. “For example, we emphasize how prevalent cybercrimes are now and how sophisticated cybercriminals have become,” she says. “We also point out the damage cyberattacks can have on businesses, from loss of system availability to reputational damage.”

“For us, the benefits [of hosting cybersecurity webinars] are that we are helping customers keep their systems secure and protect their businesses at a very crucial time.”
—Paula Barron, Tompkins VIST Bank

Learning to combat fraud

A data breach or fraud can hit a company’s bottom line at a time when it can least afford it. That’s why Tompkins VIST Bank educates its customers on straightforward ways businesses can prevent fraud, such as frequent system updates, multifactor authentication and regular password changes.

It’s also an opportunity for the community bank to connect customers with value-added services that may prevent or catch fraud. “We take the opportunity to discuss some of the services we offer,” Barron says, “such as Positive Pay, [a cash management service that] can help to monitor online fraud.”

The community bank’s customers are interested in a variety of topics, but there are three that have been of particular interest to them.

One of these is email security and phishing, particularly “spear phishing,” a type of targeted phishing involving emails designed to trick a specific victim. “We stress that this is where our customers are most vulnerable from a wire fraud perspective,” Barron says.

Participants have also been interested in new ways of doing business that require remote accessibility, which presents some security risks.

“We emphasize that, without proper precautions, remote access can heighten the opportunity for cyberattacks, which can take down critical systems,” Barron says. “The risks are real and can include unwanted legal fees, customer reputation issues, loss of system availability, and, most critically, business health and sustainability.”

The third relates to ACH, or automated clearing house, processing. “Since COVID began, we’ve noted a huge increase in businesses using [ACH] processing for things like direct deposit of payroll and corporate payments,” Barron says. As a result, Tompkins VIST Bank is seeing a rise in ACH fraud, because the fraudster only needs the business checking account and routing and transit numbers to do damage.

“We emphasize that the best preventive measure is to restrict access to the business checking account and routing transit information to those who need to know,” she says, adding that it’s important to clear one’s web browser cache before each online banking session, keep an ACH limit to a minimum acceptable level and consistently monitor bank accounts.

Valuable education and services

Tompkins VIST Bank offers other cybersecurity initiatives, too. It’s currently planning programming to educate its business customers about the financial effects of the pandemic on the region.

“Payment fraud related to businesses’ online payment systems now exceeds $40 billion a year,” Barron says, adding that the community bank’s Positive Pay service can guard against some of these fraud scams, including online mailbox theft and check copying.

The service works by allowing businesses to monitor checks and ACH debits processed for payment against their account and to reject unauthorized transactions before losses occur.

These services and the webinars have clear benefits of preventing fraud—a boon for both the customer and Tompkins VIST Bank—as well as providing peace of mind during a tumultuous time. Webinar attendees have appreciated the information.

“The response has been overwhelmingly positive,” Barron says. “For us, the benefits are that we are helping customers keep their systems secure and protect their businesses at a very crucial time.”