Beneficial Ownership Requirement

The following sets forth the security procedures with which Customer agrees to comply when using Envision Bank’s Business Online Banking Services. Customer agrees that these security procedures are commercially reasonable. The Bank may issue new Security Procedures and/or cancel or change any Security Procedures from time to time.  Except as may otherwise be noted, the following Security Procedures are required for all customers:

Login ID: This is the electronic identification (which may be in letters, numerals and special characters) associated with each user of the Services that will be used for log-in.

Password: Each user of the Services will also be required to have a unique password known only to the user. Passwords are case-sensitive and must meet certain requirements, which are minimum 8 characters, maximum 16 characters, minimum 2 numbers, 1 uppercase letter, 1 lowercase letter, 1 special character.

Each user is required to change his or her individual password from time to time for security purposes and on a frequency established by Bank. Login IDs and individual passwords may not be shared with any other person or entity.

Enhanced Log-in Security: In addition to the above individual Login IDs and passwords, access to the Services includes, as part of the security procedures, a multi-factor authentication security procedure at log-in for each user. Enhanced log-in security incorporates an additional multi-part credential for each user of the Services of identity authentication that may include, but is not limited to, additional log-in security features such as security cookies, flash objects, and one-time pass-codes. The enhanced log-in security will require each user of the Services to establish and utilize, in addition to individual Login IDs and passwords, his/her own individual authentication by selecting a preferred out-of-band delivery channel for one-time pass-codes that may be required from time to time at log-in. These log-in pass-codes may be delivered to users via email or such other method as Bank may offer from time to time, including but not limited to delivery to a designated phone or mobile device, as applicable, either by voicemail or SMS text.

Enhanced Transaction Security: An additional security procedure that may be required by Bank includes the use of one-time pass-codes for certain transactional functionality associated with ACH transactions and wire transfers. These transaction pass-codes may be delivered to users via voicemail, SMS text, a physical security device or token (“Token”), or such other method as Bank may offer from time to time. As applicable, a Token will be issued to users, for example, for use in initiating and/or approving ACH transactions and wire transfers. Notwithstanding the foregoing, Bank reserves the right to incorporate the use of transaction pass-codes for certain other functionality from time to time, in its sole discretion, including by way of example only and not by way of limitation, the use of transaction pass-codes with certain administrative functionality and for the creation of ACH and wire templates, as applicable. Physical security of each Token is Customer’s sole responsibility. Fees may apply to Tokens, as reflected in the Fee Schedule.

With the Token, each user will receive a PIN number that the user must keep in a secure place. When a user leaves Customer’s employ and/or his or her Login ID must otherwise be deleted and, if a Token had been issued to such user, Bank must be promptly notified so that the Bank may deactivate such user’s Token. Any additional user requiring a Token must be authorized, in writing by Customer to Bank, for Token creation or re-creation and deployment. If applicable, fees may be assessed for additional Tokens.

Minimum System Requirements: The Services are designed to operate using the latest operating system and browser combinations. It is important for Customer to keep the Computer’s operating system and browser version current to ensure maximum security and user experience.

Required Security Procedures:

At least 128-bit encryption technology or its equivalent.
Company ID plus User ID and individual password
Tokens – An additional required security procedure incorporates use of a separate physical security device or token (“Token”) which generates a One-Time-Password (OTP) for log-in functionality. A Token provides an additional layer of security and will be issued to authorized user(s) for use in gaining access to the Online Services system. Physical security of each Token is Customer’s sole responsibility.

Additional Strongly Recommended Security Procedures:

From time to time and as applicable, Bank may make available additional security procedures for use with ACH origination or wire transfers via the Services. Bank strongly recommends the use of these additional security procedures to help deter and protect against unauthorized transactions associated with the Services, including the following:

Dual Control – The security procedures include controls within the Services and ACH origination, wire transfers and Bill Payment to segregate the duties of those authorized users who can create transactions from those authorized users who can release transactions. With this additional security feature, one authorized user creates, edits, cancels, deletes and restores certain transactions with his/her User ID, password, OTP and other access credentials; a second different authorized user with his/her User ID, password, OTP and other access credentials reviews and/or approves the transaction request prior to it being released.
IP Restrict – For business customers that consistently utilize the Services from only a few locations and IP addresses, access to such Customers’ Services account can be limited to those IP addresses.
Time Restrict – Access to Customer’s Services can be restricted to hours set by Customer’s Administrator.
Alerts – Users can request email alerts to all users if certain events take place on Customer’s account.
Recommended Security Procedures are subject to system availability and connectivity.

In addition to the above, the following tips or “Best Practices” provide information and security measures that Customer can take to help protect Customer’s Accounts from scams and other harmful attacks:

Protecting your business’s financial assets is a top priority at Envision Bank, but we can’t do it alone. Just as you protect your business’s physical location from intruders by activating a burglar alarm at closing time, your business’s computers must be protected from cyber thieves attempting to exploit weaknesses in your computer network. Please be aware that FDIC Insurance or Regulation E (the Electronic Funds Transfer Act) does not cover fraud losses for business customers. Envision Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss.

Harden your Computer against cyber-attacks. Computers that are not appropriately protected can become an open gateway for cyber criminals to access your online account or perform malicious activity. Unfortunately, antivirus products alone are not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the Computers at your business.

1. Use a dedicated computer: If possible, dedicate a computer to be used ONLY for online banking purposes to mitigate the risk of computer and user credentials being compromised. Your business’ computer system should not be used for email, social media, or web browsing.

2. Password Protection: A unique password or token PIN is the first step of securing your online information. Select a password/PIN that is easy for you to remember but do not select birthdays, sequential numbers or street addresses. Do not share your password/PIN with anyone. Remember, Envision Bank employees will never ask for your password.

3. Keep your operating systems, antivirus and other software up to date. Scan your computers for viruses regularly.

4. Fraud Awareness: Fraudsters use official-looking e-mails (Phishing) and websites to lure you into revealing confidential financial information. The phishing messages appear to be from trusted banks, retailers or other companies. Be suspicious of any e-mail with urgent requests to “verify account information.” When in doubt, call the sender directly and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.

5. Transaction Review: Check your account balances and transaction activity daily and promptly report any suspicious activity to your account manager or call 877-963-2100 and speak to a Envision Bank Customer Service Representative.
Make your computer less vulnerable to cyber thieves. Your business online account has built-in security options you can use to protect and monitor your online activity. Don’t wait until your business is a victim of cyber fraud before you protect yourself.

Enroll and Check your Email Alerts: Reviewing email alerts immediately can protect against fraudulent activity on your account.
Review Account Activity: Review your online accounts for any transactions you did not initiate. Early detection may prevent large losses.
Requiring two individuals to execute transactions (dual control) can prevent fraudulent activity even if one employee’s computer is compromised.
Change your Password: Changing your password periodically reduces the chance of it being compromised.
Only use Company Computers: When accessing online business accounts, only use designated company computers that use the company network. Non-business computers and networks are more likely to be infected with malware.

How to identify common attacks by cyber criminals. No one wants to become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting Envision Bank for assistance. Be sure that all employees that are authorized to use Business Online on your behalf are aware of these tips. Call 877-963-2100 and speak to a Envision Bank Customer Service Representative if you experience any of the following scenarios:

If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate;
If you receive an email alert regarding a change of password or email address you did not create;
If you see unknown transactions or balance inconsistencies on your account;
If the login screen looks different or has unusual fields or prompts;
If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in;
If you log on to Envision Bank online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes.

Learn about your liability in the event of a cyber-attack. Envision Bank provides the Services to its business customers to add convenience for conducting financial transactions, but we cannot assume liability for fraud on business accounts as a result of malware and/or system vulnerabilities on our customers’ Information Technology systems. Our business customers must ensure that adequate security controls are in place on their Information Technology systems before accessing the Services to minimize risk. Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts proactively and frequently. This means that you will be responsible for any fraudulent financial activity on your account if your business’s computers or accounts are compromised. Business customers who use their Information Technology systems to house proprietary, financial, or personnel information should employ an Information Security Professional periodically to conduct a thorough review of their systems and security controls.