CashManager OnLine
& Fraud Prevention

Immediately notify BB&T Treasury Management Client Support at 800-774-8179 if you suspect that your company has been a victim of fraud or attempted fraud.

As we work together, remember that BB&T will never ask for your password over the phone, by email or text message.

BB&T takes a multilayered approach to fighting fraud in partnership with you.

• With CashManager OnLine you can manage your accounts 24 hours a day, seven days a week.
• Review your accounts daily and follow the  Standard Security Protocol for BB&T CashManager OnLine.
• As the administrator, you may add, remove and edit permissions or entitlements as needed for each user.
• Trusteer Rapport is a required software download that helps protect your bank accounts from fraudulent activity.

Take advantage of the following security tools and security measures to protect your ACH, wire transfers, and check transactions:

• Account Reconciliation services offer businesses that issue a high volume of checks a more efficient way to handle accounting for and reconciling bank statements and other transactions each month.
• Positive Pay compares the check issue information that you send with the checks that paid against your account. Suspect items are then sent to you to review via the CMOL Positive Pay Module.
• UPIC is a secure way to receive electronic payments from your vendors and suppliers without disclosing your sensitive bank account information. Your bank account number is masked with a UPIC “Virtual account number.”
• A blanket ACH Debit Block will prevent any ACH debit from posting to your account.
• Account Block Filtering will allow only certain vendors to electronically debit your account.
• Account Block Positive Pay provides the ability to disposition your rejected debit entries.

BB&T has no liability for any loss, claim, or damage sustained as a result of the use of your organization’s PIN, password or security code, whether this transaction was authorized or not.

Cyber theft occurring with the use of valid credentials is not covered by the bank. Discuss cyber theft with your insurance provider.

Please take the time to review the  BB&T Commercial Banking Services Agreement. It includes the following items related to the use of your organization’s security code:

• You agree to indemnify and hold harmless BB&T for any such transaction alleged to be unauthorized.
• You agree to keep any account information, security code, password or other confidential identification number used to access your deposit or credit account(s) secure and strictly confidential, and to not permit disclosure of such information to any unauthorized person.
• You agree to immediately notify BB&T if this information has become known to, or been used by, an unauthorized person.
• You acknowledge that BB&T has no method to determine whether a transaction conducted with use of a valid account name, account number, and security code was proper and therefore authorize BB&T to complete any transaction involving your deposit or credit account(s) made with the use of such information.
• You agree to be responsible for any transaction initiated with the use of a valid account name, account number, and security code or credentials.

We advise our clients to be especially vigilant to the following kinds of fraud.

Check Fraud

• Look for alterations to legitimate checks, including forged signatures and amounts.
• Beware counterfeit checks, which can include an exact replica of your logo, or a check from a fictitious company.

Card, ACH and Wire Transfer Fraud

• Stay on the lookout for charges presented through ACH that have already been checks returned for fraud.
• Watch out for fraudulent electronic debits and unauthorized transactions.
• Beware fraudulent requests to initiate ACH payments for consumer charges received via Internet or telephone.
• Beware consumer credit purchases from “Card Not Present” merchants, or from merchants not validating the CVV2 number on the card.

Online Fraud

• Online schemes often attempt to obtain confidential information that includes password, identification information, and token code information.
• Malicious software can be installed on your computer without your consent. Once installed, these programs can capture confidential information, keystrokes, initiate fraudulent transactions, redirect your web browser, or display fraudulent websites.

How BB&T Protects Your Accounts from Fraud

We guard your business accounts with:

• 128-Bit SSL encryption
• Multiple firewalls to shield the network
• Logon security measures, with automatic logoff due to inactivity
• A multi-layered security approach to protect your information and assets, including some mandatory alerts
• Our fraud teams actively monitor login and transaction activity.

As a user of BB&T products and services, you have a duty to safeguard access to your accounts, account information, signature stamps, security codes, passwords, or other confidential identification numbers and information.

We recommend that businesses of all sizes establish an online fraud awareness program and conduct regular risk assessments.

• Use standalone PCs for your online banking needs. To initiate funds transfers and payments, use standalone PCs that are not enabled for social networking functions such as email or web browsing.
• Make use of entitlements and payment limits. Implement user entitlements based on your business needs. Maximum payment amount limits should be determined and set by BB&T. Your user entitlements and payment limits should be routinely reviewed.
• Use alerts or event notifications. These services proactively send email notifications when payments are made or changes are made to user entitlements.
• Exercise sound password management. Prohibit the sharing of passwords, require strong passwords with a mix of characters and cases, use a different password for each website accessed, and regularly change passwords. Do not store passwords on your computer in case it is compromised.
• Educate your employees. Establish an online fraud awareness program and conduct regular risk assessments.
• Identify gaps in your internal controls. Address them immediately.