Sec Center Test Page

Client Security Guidance

Protecting Your Payments and Your Information Online

The Security Center provides practical steps for recognizing suspicious communications, reducing payment-fraud risk, and safeguarding online banking credentials.

Use this page to review security tools, payment controls, multi-factor authentication practices, phishing warning signs, and public resources for reporting suspicious activity.

Verify a Suspicious Message

If you receive a suspicious call, text, email, login alert, or payment instruction claiming to be from Chain Bridge Bank, N.A., do not click links, open attachments, share credentials, share one-time codes, or allow remote access to your device.

Contact the Bank directly at 703-748-2005 or through the official Get in Touch page. Do not use contact information supplied in a suspicious message.

Chain Bridge Bank, N.A. will never ask for your password, one-time code, security key, or remote access to your computer or mobile device.

Similar Names and Unrelated Institutions

Chain Bridge Bank, N.A. is a separate institution from other organizations that use similar names containing “Bridge Bank.” This Security Center applies only to accounts, services, communications, and security practices associated with Chain Bridge Bank, N.A.

For questions about a message, account notice, payment instruction, or website claiming to involve Chain Bridge Bank, N.A., contact the Bank directly at 703-748-2005 or through the official Get in Touch page.

Fraud-Prevention Tools for Commercial Clients

Positive Pay is an automated monitoring service that helps detect altered or unauthorized payments by comparing the checks or ACH items you issue against items presented to Chain Bridge Bank, N.A. Any mismatches appear in your online dashboard for review before posting.

Available Options for Commercial Clients

Check Positive Pay with Payee Name Verification

Compares the check’s payee name, amount, and check number to the item presented for payment.

ACH Positive Pay

Enables you to approve or block incoming electronic debits based on account number, company ID, or transaction amount.

These services add an important risk-control layer, but they require timely client review of exception items to be effective. They are offered at no charge to commercial clients.

To enroll or adjust your parameters, contact your Relationship Officer or Treasury Management professional.

Dual Control and Approval Levels

For outgoing wires, ACH payments, and Bill Pay transactions, Chain Bridge Bank, N.A. strongly recommends dual control. One user initiates a transaction, and another user independently reviews and approves it. The Treasury Management platform supports multi-level approvals, up to four, for organizations that require additional oversight or segregation of duties.

Security Procedures and Dual Control

Under Article 4A of the Uniform Commercial Code, as incorporated in Federal Reserve Regulation J, each commercial client and the Bank agree to a “security procedure” that governs how payment orders are verified and authorized. A payment order that satisfies the agreed-upon procedure may be treated as authorized by the client, even if initiated fraudulently.

Dual control adds an additional layer of oversight by requiring independent review before release. This separation of duties helps reduce errors and exposure to business email compromise, phishing, spoofing, and other social-engineering frauds.

Important Notice

This material is provided for educational purposes only. It does not constitute legal advice, amend any agreement, or create legal obligations. Clients should consult qualified legal counsel regarding their specific security-procedure arrangements.

II.

Choosing How to Pay

Paper checks remain a familiar payment method but carry increased risk of mail theft, alteration, and counterfeiting. Electronic payment options, such as ACH transfers, wire transfers, and online bill-payment services, offer stronger authentication and tracking features. No payment channel is entirely risk-free.

Important Consideration

Before shifting from paper checks to electronic payments, evaluate your internal controls, user-access management, and employee cybersecurity training. Ensure users can recognize and report phishing, business email compromise (BEC), spoofing, and other social-engineering attempts.

Losses caused by credential compromise, malware, or social engineering may fall outside your account or service agreements and are often not reimbursable.

Review your organization’s insurance or cyber-risk coverage to determine whether it protects against electronic payment fraud or credential theft. Treasury Management services are banking tools designed to help reduce risk exposure. They are not insurance products and do not provide reimbursement for fraud losses.

Discuss appropriate controls with your Relationship Officer or Treasury Management professional before making operational changes.

When Using Any Electronic Channel

Assign unique credentials to each authorized user; never share logins or tokens.
Implement dual control or multi-level approvals for all outgoing payments.
Verify new or changed payment instructions using an independent channel before sending funds. Do not rely solely on a text message, an automated call, or contact information supplied in the request.
Reconcile transactions daily, investigate exceptions promptly, and report suspicious activity to the Bank without delay.

Treasury Management Security Notice

The Treasury Management system requires multi-factor authentication (MFA) at login and again at initiation of wires and ACH transactions. MFA adds a second proof of identity beyond a password to help confirm that only authorized users can transmit payment instructions.

Protecting User Credentials

Even with MFA, compromised credentials remain a leading cause of unauthorized access.

To safeguard your Treasury Management credentials:

Create long, unique passphrases rather than short, complex passwords.
Do not reuse or share passwords across systems or by email or chat.
Store credentials securely in a password manager or vault approved by your organization; never store them in browsers.
Assign individual user IDs tied to job roles.
Change passwords promptly when compromise is suspected or after employee departure.
Enable MFA, passkeys, or FIDO2 keys where supported. These methods provide stronger protection than passwords alone.
Never approve a payment or code request unless you initiated the transaction.

Credential Security Reminder

Chain Bridge Bank, N.A. will never ask for your password, one-time code, security key, or remote access to your computer or mobile device. If you receive such a request, end the session and contact the Bank directly at 703-748-2005 or through the official Get in Touch page.

Note: The Bank maintains security controls based on applicable guidance and industry standards. Each client is responsible for maintaining appropriate internal controls.

III.

Chain Bridge Bank, N.A. requires MFA for online and mobile banking sign-in and for initiating wires and ACH transactions through Treasury Management. MFA adds a second proof of identity beyond a password to help confirm that only authorized users can transmit payment instructions.

Best Practices

Use authenticator apps, passkeys, or FIDO2 security keys for every login and payment approval.
Avoid text (SMS) or voice codes; they can be intercepted or spoofed.
Never share codes or approval requests with anyone, even if they claim to represent the Bank.
Approve requests only when you initiate the transaction.
Maintain secure devices: keep software updated and lock screens when unattended.

Note: MFA is one layer of defense. Clients remain responsible for maintaining credential-protection and internal-control practices appropriate to their risk environment.

IV.

Recognizing Phishing, Smishing, and Spoofing Attempts

Attackers use email (phishing), text messages (smishing), and phone spoofing to impersonate banks or trusted individuals. Fraudsters may spoof legitimate bank numbers, including the Bank’s own numbers, and impersonate employees. Caller ID cannot be relied upon.

These scams create urgency or fear to trick victims into revealing credentials or approving fraudulent transactions.

Common Warning Signs

A call or message claiming to be from the Bank demanding immediate action or secrecy.
Slightly altered email addresses or domain names.
Unfamiliar payment instructions or last-minute account-number changes.
Requests for credentials, codes, or remote access.
Unexpected attachments, links, or QR codes.

If You Suspect Fraud

Do not click links or download attachments.
Do not trust caller ID. Hang up immediately.
Verify independently by calling 703-748-2005 or using the official Get in Touch page on chainbridgebank.com.
Preserve evidence for your IT team and notify the Bank immediately.

Never Send Sensitive Information

Never send passwords, PINs, security codes, or identification documents by email or text. Chain Bridge Bank, N.A. will never request this information or remote access to your device. If you receive such a request, even if the caller ID shows the Bank’s name or number, end the call and verify directly through published channels.

What You Can Do Today

Taking proactive steps now helps reduce exposure to payment fraud and credential compromise.

Immediate Actions

Activate Check and ACH Positive Pay with Payee Name Verification.
Use electronic payments wisely and confirm payment instructions independently.
Require dual control for all outgoing payments.
Use strong authentication, such as authenticator apps, passkeys, or FIDO2 keys.
Protect credentials and remove access promptly when roles change.
Educate staff about phishing, smishing, and spoofing schemes.
Monitor and reconcile accounts daily.
Review cyber-insurance coverage and understand what losses it does or does not cover.

Reminder

These actions reduce, but cannot eliminate, cyber risk. Each client is responsible for implementing internal controls suited to their organization’s risk tolerance.

Contact the Bank

VI.

Shared Responsibility and Legal Context

Most cyber incidents exploit social engineering. The Bank employs layered security controls to deter unauthorized activity, but no system can prevent every risk. Clients are responsible for protecting devices, credentials, and internal processes.

Legal and Liability Notice

Losses resulting from credential theft, phishing, spoofing, or other client-side compromise may not qualify for reimbursement under law or agreement.

Federal and state laws, including Regulation E and UCC Article 4A, define each party’s rights and obligations. Clients should review their account and service agreements and consult qualified legal or insurance advisors to determine how these rules apply and whether additional cyber-risk or crime insurance is appropriate.

This information is provided for educational awareness only. Chain Bridge Bank, N.A. does not provide tax, legal, or accounting advice. Clients should consult their own advisors.

VII.

Key Public Resources

Use these public resources to report internet crime, review cybersecurity guidance, and learn more about ransomware prevention and response.

Report Internet Crime IC3.gov FBI Internet Crime Complaint Center for reporting suspected internet crime. Account Takeover and Impersonation IC3 Public Service Announcement Federal guidance on financial-institution impersonation and account-takeover fraud. Cybersecurity Guidance CISA.gov Cybersecurity alerts, resources, and toolkits from the Cybersecurity and Infrastructure Security Agency. Ransomware Guidance StopRansomware.gov Federal ransomware prevention, reporting, and response guidance.

VIII.

Frequently Asked Questions

Q1. How do I verify a call, text, or email that appears to be from Chain Bridge Bank, N.A.?

Do not rely on caller ID, logos, email signatures, or links in the message. They can be spoofed. End the call or close the message, then contact Chain Bridge Bank, N.A. at 703-748-2005 or through the official Get in Touch page. Do not use contact information supplied in a suspicious message.

Q2. Will Chain Bridge Bank, N.A. ask for my password, one-time code, security key, or remote access?

No. Chain Bridge Bank, N.A. will never ask for your password, one-time code, security key, or remote access to your computer or mobile device. If you receive such a request, end the session and contact the Bank directly.

Q3. What should I do if I think my credentials or account have been compromised?

Contact Chain Bridge Bank, N.A. immediately by calling 703-748-2005 or using the official Get in Touch page. Change affected passwords, review recent account activity, preserve suspicious messages, notify your IT team if the issue involves a business account, and follow any additional instructions from the Bank.

Q4. What should commercial clients do before changing payment instructions?

Verify new or changed payment instructions through an independent channel before sending funds. Do not rely only on email, text, or a phone number provided in the payment request. The FBI’s Internet Crime Complaint Center (IC3) recommends secondary channels or two-factor verification for account-information changes.

Q5. What is Positive Pay?

Positive Pay compares checks or ACH transactions you issue against items presented to Chain Bridge Bank, N.A. Exceptions appear for review before posting. These tools help detect altered or unauthorized items, but clients must review exceptions promptly.

Q6. Is Chain Bridge Bank, N.A. the same as other organizations named “Bridge Bank”?

No. Chain Bridge Bank, N.A. is a separate institution from other organizations that use similar names. This page applies only to accounts, services, communications, and security practices associated with Chain Bridge Bank, N.A.

Disclaimers

Advisory Disclaimer: Chain Bridge Bank, N.A. does not provide tax, legal, or accounting advice. Clients should consult their own advisors.

No Guarantee of Loss Prevention: Security controls reduce risk but cannot eliminate it. Electronic payments and online banking involve inherent risks of fraud, system intrusion, and credential misuse.

Swipe for more