Business Online Banking provides several controls and tools to help protect you against unauthorized transactions. We recommend that you use these controls along with your company’s own tools and resources to mitigate the risk of fraud.

General Best Practices

  • Verify all electronic requests to move money through a phone call to a validated number.
  • Disable the end user's administrative rights to their computers to minimize introduction of viruses, malware, etc.
  • Keep virus protection and operating systems up-to-date.
  • Never open attachments or respond to an email from an unknown source.
  • Limit internet browsing on the PC(s) used to access Business Online Banking.
  • Never log in to Business Online Banking at a public or unsecured computer.
  • Educate employees on the risks of online banking.
  • Work with your internal partners (e.g., IT, Audit) on other ways to mitigate risks. 

General Business Online Banking Controls

  • Use a computer that is dedicated to Business Online Banking with limited internet browsing and email access.
  • Reconcile account transactions daily.
  • Require dual controls for Wire and ACH transaction approval. 
  • Require users to confirm last sign on date on the Business Online Banking "Welcome" page.
  • Do not use account numbers when setting up nicknames for accounts.
  • View your alerts and notify the Bank if you do not recognize the activity.

Positive Pay

  • Segregate duties from those that issue checks, submit checks into Positive Pay, and decision exceptions.
  • Monitor and reconcile accounts daily.
  • Manage check stock orders and storage.

Wire and ACH Initiation

  • Limit user access to payment creation and approval functionality.
  • Segregate duties between payment creation and approval.
  • Require secondary approval of payments on separate computer.
  • Establish transaction limits for each user.
  • Contact us to set up daily amount/user limits for transactions.
  • Review your Wire and ACH history daily.
  • Verify all requests received in electronic form via telephone.

Remote Deposit Capture

  • Store processed checks in a secure, locked location requiring dual control for 30 days.
  • Securely destroy/shred checks after the required 30 day retention period.
  • Frank or mark checks as deposited after scanning.
  • Establish internal controls to prevent double presentment.
  • Require dual controls with segregation of duties.
  • Have a contingency plan for depositing items at a bank location should the system be unavailable for any reason.
  • Endorse all checks either through virtual endorsement or manually.


If you experience difficulty logging in, suspect unusual activity, or encounter any other issues, immediately contact the Quad City Bank Treasury Management team at treasurymanagement@qcbt.com or 563.468.5602.