We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Credit and Financing

Prepare for future growth with customized loan services, succession planning and capital for business equipment or technology.

Learn more about our credit and financing solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:

Cybersecurity and Fraud Protection

Developing a Strong Callback Process

While it may seem daunting to train employees to validate every request that contains a change in payment instructions, the repercussions of not verifying requests properly can be severe.

This article was originally published in Commercial Banking’s magazine, Cybersecurity: Technology and Tactics.

Criminals frequently impersonate chief financial officers, chief executive officers or known vendors in spoofed or compromised emails to convince employees to send money to bank accounts that the criminals control. Your company is liable for all losses incurred for payments that originate by using the security credentials of an authorized user. Unfortunately, if one of your employees releases a payment to a criminal, there’s no guarantee that you’ll be successful in recovering the funds. That’s why the callback process is such a vital step.

Developing a strong callback process reminds employees to authenticate a request before sending funds. By training employees to recognize potential schemes and validate suspicious activity—such as new bank account numbers for a known vendor—companies can often stop fraud before it’s too late.

Here are some best practices to follow:

  • Always contact an email sender or trusted vendor (in person or by using a known telephone number) when you receive instructions to change bank account information. Never rely on contact information sent in an email or respond to the email request directly.
  • Establish a tiered confirmation process to reduce vulnerability. For example, if an employee doesn’t perform the callback and instead asks another employee or manager to validate, they should follow a verification process to ensure protocols were followed. Never assume that the callback process was performed as expected—always confirm.
  • Never release funds if you can’t validate the request, even if it’s marked urgent or time sensitive.
  • Develop escalation protocols to use if an employee performs a callback but remains suspicious.
  • Work with vendors to create shared protocols for validating email requests.

Get in Touch and Stay Informed