Give ’em only what they need to do their jobs

In a digital age, set transaction limits, dedicate a device for payment, guard passwords

Just how safe is your data, your money or your business?

In the wake of the Equifax data breach that affected as many as 143 million Americans, bankers urge commercial customers and consumers to take an active role in protecting their accounts.

“Pay attention,” said Kyle Molin, vice president and director of payments strategy for Fulton Financial Corp. in Lancaster, parent company of Lehigh Valley-based Lafayette Ambassador Bank.

Keeping close, regular tabs on accounts, monitoring and immediately reporting suspicious activity and establishing maximum daily transaction thresholds are important steps any business or organization can take.

Commercial and business clients should only give staff transaction clearances for ceiling amounts that correspond to job requirements, and machines and equipment used for transactions should be dedicated only for those purposes, Molin said.

“Because it’s easy, we often get [blanket] authorizations for a company’s staff, when in fact not everyone needs the same transaction amount levels,” Molin said.

The bottom line is to give employees what they need to do their jobs, and no more.


Appropriate transaction limits protect business owners from the outside in.

“It reduces the risk of internal fraud,” Molin said.

Layers of protection, from habit and payment algorithms to spot unusual activity – whether it’s a 2 a.m. transaction or one from Bolivia – are aimed to keep commercial customer information and funds secure.

Watching transaction patterns, alerts and authorization requirements ahead of activity makes it harder for online thieves to do their worst.

“The fraudsters are looking for low-hanging fruit,” Molin said of digital hackers.


Brian Schaffer, senior vice president and marketing officer for QNB Bank in Quakertown, expects a ramp up of fraud schemes and scams in coming months as swipe credit cards become riskier to use and debit and EMV chip credit card technology gains more use.

EMV stands for Europay, Mastercard and Visa and is commonly known as a chip card. EMV is a global standard.

“The biggest issues left are at gas stations and some retailers who still use [magnetic] swipe readers,” Schaffer said.

An October 2015 government-mandated deadline shifted fraud liability from banks to merchants and sellers who are not EMV chip-card compliant. As EMV chip readers are designed to be more secure, thieves will target places where swipe readers still operate.

“The bad guys know this, and there’s going to be a full-court push,” Schaffer said.


According to a report in June by the U.S. Payments Forum, about 50 percent of debit and credit card transactions are chip-on-chip – in which the consumer uses a chip card and the merchant has a chip-reading device. The report said that number needs to grow to about two-thirds to realize significant reductions in card fraud.

Bank layers or safeguards protect transactions, some even before they’re completed.

Wire and automated clearing house transactions – primarily commercial in nature – require authentication steps, such as physical token devices held by the customer.

“A token is a small device that has a digital combination synced up to the online banking system,” Molin said.


Other security alert measures include a one-time pass code to text messages or telephone call-backs sent to a landline.

Fulton is introducing automated clearing house Positive Pay for debit account security.

It’s the ability to authorize or reject a transaction when it comes in, Molin said.

Another way to detect fraud, automated clearing house Positive Pay provides a way to assign who can debit an account as well as providing maximum pay limits on the amount.


Eileen Quinn, a Fulton senior vice president, said small-business accounts are similar in nature to consumer accounts and often have the same needs and use patterns. Customers have ways to sign up for email and text alerts so they can potentially spot activity they’ve not authorized, she said.

Bankers concede that security sometimes can become an issue for legitimate transactions.

“If you’re going to be traveling, let us know,” Quinn said.

From checking account statements to viewing transactions online, staying aware and paying attention are the best defenses against getting robbed.

“At the end of the day, the solution can be pretty low-tech,” she said.

Business Journal Events

2020 Forty Under 40 Awards

Thursday, July 16, 2020
2020 Forty Under 40 Awards

Health Care Symposium

Thursday, August 06, 2020
Health Care Symposium

Leaders in Finance and Law

Wednesday, September 16, 2020
Leaders in Finance and Law

Reader Rankings Awards

Wednesday, October 07, 2020
Reader Rankings Awards