|
When BKW learned on January 5 that
approximately $3.8 million in taxpayer money was stolen through
unauthorized bank transfers from the Duanesburg
Central School District, the business office
immediately contacted representatives from Key Bank, the
district's banking institution, to review safeguards in place for protecting
our district funds from a
similar situation.
Below are examples of the different ways our
district and Key Bank work together to ensure district funds are
protected daily from cyber crime.
Fraud
We are aware of a number of phishing scams that
attempt to gather personal information through e-mail accounts.
Typically, someone sends an e-mail stating they are from that
person's bank performing a survey or requesting account updates.
Although the person may be asked for personal information,
sometimes just opening the e-mail may be all a scammer needs to
begin monitoring key strokes and banking practices.
Key Bank has always informed our district that it would never request information over an
e-mail. Ellen Grasek, our district treasurer, is very aware of
these scams. If any suspicious e-mails make it
through BKW’s firewall, they are never opened and are always
deleted or directed to our IT Department.
Automatic Clearing House (ACH) withdrawals
Through Key Total Treasury (KTT), our online
banking tool, the district treasurer is the only one authorized to do transfers,
wires and all other banking transactions. KTT is set up with a
digital certificate, specific to only one computer. Transactions
can only be processed with the correct passwords from that
computer. Accessing from another computer would require
contacting the bank by phone with all the correct security
information to install another digital certificate.
There is also a "block mechanism" that only allows
payments under $100,000 to go out. Key Bank would have to be
contacted personally to authorize any payments over that amount. Automatic
withdrawals are filtered by the district to allow only
withdrawals by the Internal Revenue Service, the New York State
Department of Taxation and Finance and
the Employee Retirement System for tax payments. All others are
blocked.
Wire withdrawals
Our district treasurer is the only one
authorized to send wires. Wires to International Banks are
not allowed. The only wires performed are transfers to other
banks for certain types of payments. All telephone wires require
a secondary approval by phone by the district's business
official (Kevin Callagy), and all electronic wires will require a secondary
approval on-line through a secured banking site. We receive
confirmation of all wires and where they were sent.
Monitoring accounts
Bank account balances are always checked daily by the district
treasurer. A large withdrawal would be noticed and investigated.
Bank statements are reviewed the same day that they are received
for any unusual activity.
We have various safeguards on our checking accounts as well,
such as not allowing electronic transfers to be converted to
checks, thus not allowing the check to be double paid. All
internal electronic transfers are reviewed daily by the district
business official.
The
district also uses the fraud protection service Positive Pay,
which alerts the district if a check is being cashed that does
not match a file that was sent from the business office.
Key Bank personnel meet with us at least once a year, and talk
to us frequently by phone about new advances to protect our
investments. |
