Providing helpful business tips and exclusive information about Hills Bank services.

If you are having trouble reading Successful Business view the Web Version.
If you like what you see, forward Successful Business to a friend or sign up for Successful Business yourself!

Volume 8, Issue 3: May - June 2013

Phreaking Fraud

Corridor business owners are opening their phone bills to find outrageous long distance charges as a result of phreaking fraud. Phreaking, otherwise known as the art and science of cracking the telephone network is causing headaches for many business owners. However, telecom attacks are certainly nothing new. As far back as the 1960s, hackers called “phone phreakers” were figuring out ways to fool the phone company’s telecom systems into granting them access to make long distance calls at no charge.

How do these fraudsters get into your phone system? The criminal “phreaker” makes an after hours telephone call to your company and finds a weak spot in your phone system allowing unauthorized access to an outside line. The fraudulent phone calls can rack up outrageous long-distance charges before you know it.

Financial loss to companies from phreaking can be so devastating that it may push a business into bankruptcy. You can help protect your business by removing vulnerable spots in your phone system. Consult your local long distance carrier or your technology consultant for more information on phreaking.

Defending Your Business Against Cyber Fraud Seminar

Over 100 local business men and women attended the Defending Your Business Against Cyber Fraud seminar on May 14th at Hills Bank in North Liberty and Cedar Rapids. Together, Cassie Myers and Loras Evan, of McGladrey, shared information on the safety and security of conducting business online. Being online is an essential part of business operations for many.

ACH Fraud Risks
ACH (Automated Clearing House) is an electronic funds-transfer system run by NACHA. This payment system deals with payroll, direct deposit, tax refunds, consumer bills, tax payments and many more payment services.

Many financial institutions, including Hills Bank have seen an increased amount of ACH fraud as a result of cyber fraudsters deploying spyware and malware on business computers. This criminal activity can be detrimental to a business and in essence is a form of corporate identity theft in which attackers gain access to business’ accounts by stealing employees’ passwords and credentials. We encourage our commercial customers to enhance their programs and controls to protect against these attacks. Examples of risk management programs include:

  • Performing a risk analysis to determine how susceptible the company is to corporate account takeovers
  • Determine how online information is accessed
  • Establish online security procedures
  • Understand the company's security practices and systems' security

Having policies and procedures alone are not enough. Providing adequate training on the risks of ACH to key personnel will provide some ownership of the risk, employees are typically the weakest link. Formal agreements are executed between Hills Bank and the originator of the ACH to help reduce the risk of ACH fraud.

Another way to reduce the chance that your business account is hacked is to establish a debit filter. Nicole Slaubaugh, Vice President, Deposit Services of Hills Bank describes debit filter as, "a service that will not allow an electronic ACH debit to come from your business account unless it is preauthorized. The service fee is only charged if an unauthorized ACH debit is blocked from your account. Businesses have two days to dispute a transaction. It is a win-win for the businesses and the bank, as we are both invested in reducing cyber fraud activity.” If you are interested in learning more about debit filters please contact your local Hills Bank deposit representative.

System Security Essentials
Due to the sophisticated nature of cyber-crime, there is not a single solution for system security. The best approach is a multi-layered approach. Even with the latest distributed denial of service (DDoS) attacks, defense layers are considered the most important defense mechanism. Loras Evans, Principal with McGladrey reminded everyone that security is not a “one-time event”; it is only as good as the weakest link. Don’t skimp on a firewall layer. Use a business class firewall such as Cisco, SonicWall, Fortinet or Watchguard. Testing your firewall often also ensures it is doing its job.

When it comes to antivirus protection the two most common are Symantec and McAfee. The antivirus should be centrally deployed and managed. Users should not be able to disable the virus protection. There should be reporting to validate that all systems are enabled and UPDATED. At a minimum, complete weekly system scans.

Cyber fraudsters seek usernames and passwords daily. You should ensure that each user has their own separate username and password. Passwords should be at least eight characters long and complex, making it harder for them to be hacked. Passwords should be required to be changed every 90-120 days and after three invalid attempts, the account should be locked.

If you think a PC has been compromised it is typically due to human error. It could be because virus protection was disabled, users were permitted to go anywhere online and systems became infected, user controls were poor, or passwords were weak. You should assume that if one computer is compromised your whole network may be compromised as well.

Hills Bank conducts various educational seminars through the Hills Bank Business Academy to educate business owners and employees on topics that are important to them. See what’s on the calendar for future trainings. Seminars are added as they are scheduled, so check back frequently.

Hills Bank and Trust Company is not an expert in cyber fraud or system security essentials. Please contact your local administrators for security policies and procedures for your business.

Upcoming Events

Learn more or register for upcoming seminars from Hills Bank.

QuickBooks Seminar
Tuesday, September 10 and Thursday, September 12
11:30am - 1:00pm
Hills Bank, 590 W Forevergreen Rd, North Liberty
RSVP for the QuickBooks Seminar by emailing Carrie Ebel at or calling at 319-358-2272.

Tuesday, September 17 and Thursday, September 19
11:30am - 1:00pm
Hills Bank, 3905 Blairs Ferry Rd NE, Cedar Rapids
RSVP for the QuickBooks Seminar by emailing Elaine Blythe at or calling at 319-866-7022.

Managing the Closely Held Business Seminar
Thursday, September 26 - Friday, September 27
8:00am - 5:00pm
Hills Bank, 590 W Forevergreen Rd, North Liberty
RSVP for the the Managing the Closely Held Business Seminar by clicking the link above.

Join the Greater Iowa City Area Home Builders Association for its annual Parade of Homes June 1 - 9. Homes are open on Saturday from 10 am to 5 pm, Sunday from noon to 5 pm, and on Tuesday and Thursday from 6 to 9 pm.

The Greater Iowa City Area Home Builders Association is hosting its Remodelers Parade on Saturday, June 1 from 10 am to 5 pm and on Sunday, June 2 from noon to 5 pm. Visit the Iowa City Home Builders website for more information.

Ask the Expert

Q. My business recently switched credit card processing providers but my old processor keeps debiting my account. What can I do?

A. Unauthorized debits are not as uncommon as one may think; when it comes to someone withdrawing funds from your account without your permission you have several options.

The most common thing to do in this circumstance would be to place a stop payment, which currently stays in effect for six months. Anything charged to your account with that company’s specific information would be returned. However, effective in September of 2013 the Automated Clearing House (ACH) is changing its rules that a stop payment on an ACH item (electronic debit or credit) coming through a non-consumer account will only be effective one time, no longer six months.

The best solution to keep unauthorized users from debiting your account would be to place a debit filter on the account. Debit filters can work in two ways. In one situation you can tell Hills Bank who can debit your account and we will reject all other electronic debits. For example, if you let us know that your electric and water companies can debit your account and then a debit is sent by your gas company, we would reject the gas company’s transaction. Another way would be to tell us that anyone can debit your account with the exception of a list of companies which you would provide.

While closing your account may also seem like an option, it’s very simple for someone to obtain your account information by simply looking at a check issued by your business. Best practice is to look at your account daily using Hills Bank Online Business Connections and notify us immediately if there is unauthorized activity on your account. Non-consumer ACH transactions are time sensitive and the window to return a transaction is very small so the sooner we are notified, the more help we can be. For more information regarding ways to keep your account secure contact your Commercial Deposits Representative.

Have a question? Submit it to to have it featured in an upcoming issue.

Tell A friend why you love Hills Bank and when they open a checking account, you will get 20 dollars.

10 Second Tip

Something Worth Quoting

Doing what you love is the cornerstone of having abundance in your life.

-Wayne Dyer

Hills Happenings

Holiday Schedule

The bank will be closed on the following holidays:

  • Independence Day
    Thursday, July 4

Even though we will be closed, you can still do your banking at over 90 Hills Bank ATMs in the Corridor, Hills Bank Online, mobile banking, or through Push Button Banker.

See all the Hills Bank holidays.

Send us your feedback!

Send Us Your Feedback

Send any comments, suggestions, or ideas, to
We are always trying to improve our eNewsletter and would love to hear from you!

Equal Housing Lender

© Copyright 2013
Hills Bank and Trust Company.
Member FDIC.