Corporate Account Takeover (CATO) is a form of corporate identity theft where a business' online banking credentials are stolen by malware. Criminal entities can then initiate fraudulent banking activity, including wire transfers and ACH payments. Corporate Account Takeover Fraud involves compromised identity credentials and is NOT a compromise to the ACH Network, wire transfer system, or bank systems. CATO is specific to compromises on individual / business computers.
Losses from Corporate Account Takeover are not covered under Regulation E and, by agreement, are generally the responsibility of the customer; therefore, corporations and businesses need to take proper precautions to protect their computers and financial information to avoid financial and reputation losses.
Businesses need to evaluate their systems. Systems should have secure internet browsers. There are several products and the type of protection / security software is the individual choice of each business or corporation.
If you should become a victim of Corporate Account Takeover, you should immediately contact law enforcement and all financial institutions that you conduct business with. Document all information available for any investigation.