Corporate Account Takeover (CATO) is a form of corporate identity theft where a business' online banking credentials are stolen by malware. Criminal entities can then initiate fraudulent banking activity, including wire transfers and ACH payments. Corporate Account Takeover Fraud involves compromised identity credentials and is NOT a compromise to the ACH Network, wire transfer system, or bank systems. CATO is specific to compromises on individual / business computers.

Losses from Corporate Account Takeover are not covered under Regulation E and, by agreement, are generally the responsibility of the customer; therefore, corporations and businesses need to take proper precautions to protect their computers and financial information to avoid financial and reputation losses.

Businesses need to evaluate their systems. Systems should have secure internet browsers. There are several products and the type of protection / security software is the individual choice of each business or corporation.

Some of the signs of a compromised computer are:

  • "System Unavailable" messages while banking online
  • Changes in the way your online banking application appears
  • Unexpected requests for a one-time password/token in a session
  • Unusual pop-up messages
  • Computer locks up
  • Dramatic loss of PC speed
  • Unexpected rebooting or restarting of PC
  • New or unexpected toolbars or icons
  • Inability to shut down or restart PC·Warnings from anti-virus or anti-malware software

Suggestions for Computer Security

  • Establish a dedicated computer for online banking
  • Prohibit web browsing, emailing and social networking
  • Use anti-virus and anti-spyware technology
  • Use secure browser technology
  • Do not leave computers unattended or unlocked
  • Use spam filters and pop-up blockers
  • Install routers and firewalls to prevent unauthorized access
  • Do not use public Wi-Fi hotspots such as in cafes and airports

If you should become a victim of Corporate Account Takeover, you should immediately contact law enforcement and all financial institutions that you conduct business with. Document all information available for any investigation.