Security Center

Protecting Your Payments and Your Information Online

Chain Bridge Bank, N.A. is committed to helping clients reduce payment risk through layered security controls, timely communication, and informed decision-making. The Bank employs systems and procedures designed to help safeguard online access and payment activity and provides educational resources to support client awareness.

Clients, however, are responsible for protecting their own computers, mobile devices, credentials, and internal controls, and for maintaining vigilance against phishing, spoofing, social-engineering, and other credential-theft schemes.

This page outlines practical measures every client should consider and explains the key risks and benefits associated with modern digital-payment methods.


1. Fraud-Prevention Tools for Commercial Clients

Positive Pay is an automated monitoring service that helps detect altered or unauthorized payments by comparing the checks or ACH items you issue against items presented to Chain Bridge Bank, N.A. Any mismatches appear in your online dashboard for review before posting.

Available Options (complimentary for commercial clients)

Check Positive Pay with Payee Name Verification

Compares the check’s payee name, amount, and check number to the item presented for payment.

ACH Positive Pay

Enables you to approve or block incoming electronic debits based on account number, company ID, or transaction amount.

These services add an important layer of protection but require timely client review of exception items to be effective. They are offered at no charge to commercial clients.

To enroll or adjust your parameters, contact your Relationship Officer or Treasury-Management professional.

Dual Control and Approval Levels

For outgoing wires, ACH payments, and Bill Pay transactions, Chain Bridge Bank, N.A. strongly recommends dual control — one user initiates a transaction and another independently reviews and approves it. The Treasury-Management platform supports multi-level approvals (up to four) for organizations that require additional oversight or segregation of duties.

Security Procedures and Dual Control

Under Article 4A of the Uniform Commercial Code (as incorporated in Federal Reserve Regulation J), each commercial client and the Bank agree to a “security procedure” that governs how payment orders are verified and authorized. A payment order that satisfies the agreed-upon procedure may be treated as authorized by the client — even if initiated fraudulently.

Implementing dual control adds a critical layer of oversight by requiring independent review before release. This separation of duties helps prevent errors and reduces exposure to business-email compromise, phishing, spoofing, and other social-engineering frauds.

Important Notice

This material is provided for educational purposes only. It does not constitute legal advice, amend any agreement, or create legal obligations. Clients should consult qualified legal counsel regarding their specific security-procedure arrangements.

2. Choosing How to Pay

Paper checks remain a familiar payment method but carry increased risk of mail theft, alteration, and counterfeiting. Electronic payment options — such as ACH transfers, wire transfers, and online bill pay — offer stronger authentication and tracking features, yet no channel is entirely risk-free.

Important Consideration

Before shifting from paper checks to electronic payments, evaluate your internal controls, user-access management, and employee cybersecurity training. Ensure users can recognize and report phishing, business email compromise (BEC), spoofing, and other social-engineering attempts.

Losses caused by credential compromise, malware, or social engineering may fall outside your account or service agreements and are often not reimbursable.

Review your organization’s insurance or cyber-risk coverage to determine whether it protects against electronic-payment fraud or credential theft. Treasury-management services are banking tools designed to help reduce risk exposure; they are not insurance products and do not provide reimbursement for fraud losses.

Discuss appropriate controls with your Relationship Officer or Treasury-Management professional before making operational changes.

When Using Any Electronic Channel

  • Assign unique credentials to each authorized user; never share logins or tokens.
  • Implement dual control or multi-level approvals for all outgoing payments.
  • Verify new or changed payment instructions using strong-authentication methods such as passkeys, authenticator apps, or FIDO2 security keys — never by text message or automated call.
  • Reconcile transactions daily, investigate exceptions promptly, and report suspicious activity to the Bank without delay.

Treasury-Management Security Notice

The Treasury-Management system requires multi-factor authentication (MFA) at login and again at initiation of wires and ACH transactions. MFA adds a second proof of identity beyond a password to help ensure only authorized users can transmit payment instructions.

Protecting User Credentials

Even with MFA, compromised credentials remain a leading cause of unauthorized access.

To safeguard your treasury-management credentials:

  • Create long, unique passphrases rather than short, complex passwords.
  • Do not reuse or share passwords across systems or via email or chat.
  • Store credentials securely in an approved password manager or vault; never in browsers.
  • Assign individual user IDs tied to job roles.
  • Change passwords promptly when compromise is suspected or after employee departure.
  • Enable MFA, passkeys, or FIDO2 keys where supported — these are far stronger than passwords alone.
  • Never approve a payment or code request unless you initiated the transaction.

Credential Security Reminder

Chain Bridge Bank, N.A. will never ask for your password, one-time code, or remote access to your computer. If you receive such a request, end the session and contact the Bank using official channels.

Note: The Bank’s security framework and controls are based on federal guidance and industry standards. Each client is responsible for maintaining appropriate internal controls.

3. Sign-In Security and Multi-Factor Authentication (MFA)

Chain Bridge Bank, N.A. requires MFA for online and mobile banking sign-in and for initiating wires and ACH transactions through Treasury Management. MFA adds another proof of identity beyond a password to confirm that only authorized users can transmit payment instructions.

Best Practices

  • Use authenticator apps, passkeys, or FIDO2 security keys for every login and payment approval.
  • Avoid text (SMS) or voice codes; they can be intercepted or spoofed.
  • Never share codes or approval requests with anyone — even if they claim to represent the Bank.
  • Approve requests only when you initiate the transaction.
  • Maintain secure devices: keep software updated and lock screens when unattended.

Credential Security Reminder

Chain Bridge Bank, N.A. will never ask for your password, one-time code, security key, or remote access to your device. If you receive such a request, verify by calling 703-748-2005 or visiting chainbridgebank.com.

Note: MFA is one layer of defense. Clients remain responsible for maintaining credential-protection and internal-control practices appropriate to their risk environment.

4. Recognizing Phishing, Smishing, and Spoofing Attempts

Attackers use email (phishing), text messages (smishing), and phone spoofing to impersonate banks or trusted individuals. Fraudsters often spoof legitimate bank numbers — including Chain Bridge Bank, N.A.’s own — and impersonate employees. Caller ID cannot be relied upon.

These scams create urgency or fear to trick victims into revealing credentials or approving fraudulent transactions.

Common Warning Signs

  • A call or message claiming to be from the Bank demanding immediate action or secrecy.
  • Slightly altered email addresses or domain names.
  • Unfamiliar payment instructions or last-minute account-number changes.
  • Requests for credentials, codes, or remote access.
  • Unexpected attachments, links, or QR codes.

If You Suspect Fraud

  • Do not click links or download attachments. Hover to verify the destination.
  • Do not trust caller ID. Hang up immediately.
  • Verify independently by calling 703-748-2005 or using the official Get in Touch page on chainbridgebank.com.
  • Preserve evidence for your IT team and notify the Bank immediately.

Never Send Sensitive Information

Never send passwords, PINs, security codes, or identification documents by email or text. Chain Bridge Bank, N.A. will never request this information or remote access to your device. If you receive such a request—even if the caller ID shows the Bank's name or number—end the call and verify directly through published channels.

5. What You Can Do Today

Taking proactive steps now helps reduce exposure to payment fraud and credential compromise.

Immediate Actions

  • Activate Check and ACH Positive Pay with Payee Name Verification.
  • Use electronic payments wisely and confirm payment instructions independently.
  • Require dual control for all outgoing payments.
  • Use strong authentication — authenticator apps, passkeys, or FIDO2 keys.
  • Protect credentials and remove access promptly when roles change.
  • Educate staff about phishing, smishing, and spoofing schemes.
  • Monitor and reconcile accounts daily.
  • Review cyber-insurance coverage and understand what losses it does or does not cover.

Reminder

These actions reduce — but cannot eliminate — cyber risk. Each client is responsible for implementing internal controls suited to their organization’s risk tolerance.

6. Shared Responsibility and Legal Context

Most cyber incidents exploit social engineering. The Bank employs layered security controls to deter unauthorized activity, but no system is foolproof. Clients are responsible for protecting devices, credentials, and internal processes.

Liability Disclosure

Losses resulting from credential theft, phishing, spoofing, or other client-side compromise may not qualify for reimbursement under law or agreement.

Federal and state laws — including Regulation E and UCC Article 4A — define each party’s rights and obligations. Clients should review their account and service agreements and consult legal or insurance advisors as needed.

Clients should review their agreements and consult qualified legal or insurance advisors to determine how these rules apply and whether additional cyber-risk or crime insurance is appropriate.

This information is provided for educational awareness only and does not constitute legal, financial, or insurance advice.

Key Public Resources

8. Frequently Asked Questions

Q1. What is Positive Pay, and how does it protect my business?

Positive Pay compares the checks or ACH transactions you issue against items presented to Chain Bridge Bank, N.A. If discrepancies appear, they are flagged for your review before posting. Chain Bridge Bank, N.A. offers Check Positive Pay (with Payee Name Verification) and ACH Positive Pay at no charge for commercial clients. These tools help detect altered or unauthorized items but still require timely review and approval by your staff.

Q2. Should I replace paper checks with online payments?

Electronic payments—such as ACH or wire transfers—offer faster processing and stronger authentication but also introduce different risks, including credential theft and social engineering. Before changing payment methods, evaluate your controls and employee training, and consult your Relationship Officer at Chain Bridge Bank, N.A. for guidance.

Q3. What is the most secure form of multi-factor authentication (MFA)?

The strongest MFA options are authenticator apps, passkeys, and FIDO2-compliant hardware security keys. These methods are more resistant to interception and spoofing than text (SMS) codes. Never share one-time codes or approval requests with anyone, including anyone claiming to represent Chain Bridge Bank, N.A.

Q4. How can I verify a call, text, or email that appears to be from Chain Bridge Bank, N.A.?

Do not rely on caller ID, email addresses, or logos—they can be spoofed. Hang up and contact Chain Bridge Bank, N.A. directly by calling 703-748-2005 or by using the Get in Touch page on the official website at chainbridgebank.com. Never use contact information provided in a suspicious message.

Q5. What should I do if I believe my credentials or account have been compromised?

If you suspect credential theft or unauthorized access, call Chain Bridge Bank, N.A. immediately at 703-748-2005. Change your passwords immediately, review recent transactions, enable additional security measures, and notify your IT team to scan for malware or unauthorized access.






















Disclaimers

Advisory Disclaimer: Chain Bridge Bank, N.A. does not provide tax, legal, or accounting advice. Clients should consult their own advisors.

No Guarantee of Loss Prevention: Security controls reduce risk but cannot eliminate it. Electronic payments and online banking involve inherent risks of fraud, system intrusion, and credential misuse.



