Small Business
OnLine Security

Immediately notify BB&T at 800-BANK-BBT (800-226-5228) if you suspect that your company has been a victim of fraud or attempted fraud.

We’ll help you assess the situation and take appropriate action, which may include placing holds and flags on your accounts to help detect future fraud attempts.

As we work together, remember that BB&T will never ask for your password over the phone, by email or text message.

BB&T takes a multilayered approach to fighting fraud in partnership with you.

• With Small Business OnLine, you can monitor and manage your accounts 24 hours a day, seven days a week.
• As the business owner you may customize access for up to 10 users.¹
• Automatic alerts notify you of security related account activities.
• Additional authorization is required for ACH and wire transfers.

Review your accounts daily, and take advantage of the following security tools:

• BB&T Alerts. Receive email or mobile text notifications when specific events occur, such as ACH and wire transfers that have been initiated on your account.
• BB&T has partnered with select vendors to provide antivirus and anti-spyware software at a free or discounted rate:
  • Prevx SafeOnline is offered to our clients free of charge.
  • We also offer a 33% discount on the Prevx 3.0 full suite. (MSRP $36.95, BB&T Clients $26.95)

BB&T has no liability for any loss, claim, or damage sustained as a result of the use of your organization’s PIN, password or security code, whether this transaction was authorized or not.

Cyber theft occurring with the use of valid credentials is not covered by the bank. Discuss cyber theft with your insurance provider.

Please take the time to review the  BB&T Commercial Banking Services Agreement. It includes the following items related to the use of your organization’s security code:

• You agree to indemnify and hold harmless BB&T for any such transaction alleged to be unauthorized.
• You agree to keep any account information, security code, password or other confidential identification number used to access your deposit or credit account(s) secure and strictly confidential, and to not permit disclosure of such information to any unauthorized person.
• You agree to immediately notify BB&T if this information has become known to, or been used by, an unauthorized person.
• You acknowledge that BB&T has no method to determine whether a transaction conducted with use of a valid account name, account number, and security code was proper and therefore authorize BB&T to complete any transaction involving your deposit or credit account(s) made with the use of such information.
• You agree to be responsible for any transaction initiated with the use of a valid account name, account number, and security code or credentials.

We advise our clients to be especially vigilant to the following kinds of fraud.

• Look for alterations to legitimate checks, including forged signatures and amounts
• Beware counterfeit checks, which can include an exact replica of your logo, or a check from a fictitious company.

• Stay on the lookout for charges presented through ACH that have already been checks returned for fraud.
• Watch out for fraudulent electronic debits.
• Beware fraudulent requests to initiate ACH payments for charges received via Internet or telephone.
• Keep watch over electronic credits or outbound wire transfers sent in payment for fraudulent purposes.
• Beware credit purchases from “Card Not Present” merchants, or from merchants not validating the CVV2 number on the card.
• Be vigilant toward stored value cards and their card numbers. Both can be stolen and used to make purchases.

• Online schemes often attempt to obtain confidential information that includes password, identification information, and token code information.
• Malicious software can be installed on your computer without your consent. Once installed, it can record keystrokes, redirect your browser, or display a fraudulent website.

We guard your business accounts with:

• 128-Bit SSL encryption
• Multiple firewalls to shield the network
• Logon security measures, with automatic logoff due to inactivity
• Restricted access based on the individual user
• Additional authentication for high-risk activities, such as ACH payments and wire transfers
• A multi-layered security approach to protect your information and assets, including automatic alerts

We keep watch on your accounts with:

• Activity Monitoring. Our fraud teams actively monitor login and transaction activity.
• Industry Partnerships. We share forensic data with anti-phishing and anti-malware vendors.
• Law Enforcement. We investigate fraud in coordination with law enforcement.

As a user of BB&T products and services, you have a duty to safeguard access to your accounts, account information, signature stamps, security codes, passwords, or other confidential identification numbers and information.

We recommend that businesses of all sizes establish an online fraud awareness program and conduct regular risk assessments.

Safeguard your accounts by following these best practices:

• Use standalone PCs for your online banking needs. To initiate funds transfers and payments, use standalone PCs or mobile devices that are not enabled for social networking functions such as email or web browsing.
• Make use of entitlements and payment limits. Implement user entitlements based on your business needs. Maximum payment amount limits should be determined and set by BB&T. Your user entitlements and payment limits should be routinely reviewed.
• Use BB&T Alerts or Event Notifications. These services proactively send email notifications when payments are made or changes are made to user entitlements.
• Exercise sound password management. Prohibit the sharing of passwords, use a different password for each website accessed, and regularly change passwords. Do not store passwords on your computer in case it is compromised.
• Educate your employees. Establish an online fraud awareness program and conduct regular risk assessments.
• Identify gaps in your internal controls. Address them immediately.