Banner Bank ACH Originator Guide

• Educate your employees: Your employees can be your best defense against fraud. Remind your team to: o Not click on links purporting to be antivirus or anti-malware software without further scrutiny o Not download files from unknown sources, o Not click on suspicious or non-business-related links, o Not respond to on-screen pop-ups, especially those asking them to enter their contact information, online credentials, or the like. In addition, train your employees to scrutinize any payment request, including those that may appear to come from company executives. The employee should always verify the validity of the request through out-of-band means, such as calling the requestor via contact information already on file versus responding to an email request. • Verify your vendors’ account number changes: Require that all changes to vendor payment account numbers be made in writing on the vendor’s letterhead and verified with a call to the vendor’s telephone number in your files. It is helpful to always double check the change to payment instructions before initiating and approving the request. • Perform Daily Reconciliation and Monitoring: It is also important for your organization to monitor your accounts daily. Reviewing account transaction activity and ACH activity reports will ensure that you are aware of all entries, even when they have not yet been posted to your account. The sooner fraud can be detected, the more successful Banner Bank will be in assisting in recovering your company’s potentially lost funds. • Strengthen your internal controls to protect your computers from malware: Due to the high risk of this type of fraud, it is critical that all computer equipment used by your organization to operate Banner Bank’s ACH origination program must be regularly updated and patched for security vulnerabilities, including the use of and updating of firewalls, virus protection, anti-malware protection, and anti-spam protection. Banner Bank recommends having a dedicated computer not used to browse the Internet or read email to be the sole source of access to Business Online Banking . This helps avoid the accidental downloading of harmful programs or viruses that could potentially compromise your entries. Due to the risks inherent in processing electronic funds transfers, Banner Bank suggests that your company perform an internal risk assessment and an evaluation of your controls periodically to ensure you are considering and leveraging all available security options to your company. • Be proactive. Please notify Banner Bank immediately if you experience a fraud attempt or breach so we can work together to remedy the situation, change passwords, etc. Also, please notify your Treasury Management Consultant of any changes to your online users with access to accounts, ACH origination, etc. It is important that terminated employees or users that no longer need access to these services be disabled timely.

28