What is a Corporate Account Takeover?

Corporate Account Takeover (CATO) is a type of fraud where thieves gain access to a business' finances electronically. The most common method of CATO is stealing usernames and passwords. This information can be used to make unauthorized transactions, including transferring funds from the company, creating and adding fake employees to payroll, and stealing sensitive customer information. 

Good security practices can reduce the CATO risks.

  1. Have a security plan
    • Each business should evaluate its Corporate Account Takeover risk profile and develop a security plan that includes sound business practices
  2. Protect computer/online environment
    • Use complex passwords and change passwords periodically
    • Do not share passwords with employees
    • Do not use the same password across different websites
    • Do not use work computers on unprotected wireless networks
    • Encrypt sensitive data
    • If you receive an unexpected email, do not click any links
    • Run the most current version of Operating systems and Web browsers
  3. Pay attention to activity and react quickly
    • Review accounts daily looking for any unusual account activity
    • Report suspicious activity immediately
  4. Understand your responsibilities and liabilities
    • Read and understand the UCB Online Banking agreement
    • Implement the security safeguards in the agreement
    • Businesses have more responsibilities and less protections than consumer accounts
  5. Educate all employees
    • Security is a shared responsibility
    • All employees should be trained to help identify CATO risks


  1. The Better Business Bureau's website on Data Security Made Simpler: https://www.bbb.org/
  2. The Federal Trade Commission's (FTC) Business Center: https://www.ftc.gov/tips-advice/business-center
  3. The National Institute of Standards and Technology's (NIST) Fundamentals of Information Security for Small Businesses: http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf