Why Business Banking Security Matters
Business banking accounts are prime targets for fraudsters because they typically hold larger balances and process higher-value transactions than personal accounts. Unlike consumer accounts, business accounts have different liability protections — making it critical to implement strong security measures proactively.
This guide covers the security features available through your Eastern Business Banking login and the best practices your organization should follow to protect your financial assets.
Multi-Factor Authentication (MFA)
Multi-factor authentication is the single most effective security control for preventing unauthorized account access. Eastern Business Banking requires MFA for all users.
How MFA Works
When you log in, you provide two pieces of evidence that you are who you claim to be:
- Something you know — your username and password
- Something you have — a verification code sent to your phone, email, or generated by an authenticator app
Even if a fraudster steals your password, they cannot access your account without the second factor.
MFA Delivery Methods (Ranked by Security)
| Method | Security Level | Notes |
|---|---|---|
| Authenticator App (TOTP) | ⭐⭐⭐⭐⭐ Highest | Google Authenticator, Microsoft Authenticator, Authy. Code changes every 30 seconds. Not vulnerable to SIM swapping. |
| Hardware Token | ⭐⭐⭐⭐⭐ Highest | Physical device that generates codes. Most secure but requires carrying a separate device. |
| SMS Text Message | ⭐⭐⭐ Moderate | Convenient but vulnerable to SIM swapping attacks. Better than no MFA. |
| ⭐⭐ Lower | If your email is compromised, MFA is bypassed. Use only as last resort. | |
| Phone Call | ⭐⭐ Lower | Vulnerable to call forwarding. Use only if no other option is available. |
Eastern Bank strongly recommends using an authenticator app for MFA. SMS-based MFA is vulnerable to SIM swapping attacks, where a fraudster convinces your mobile carrier to transfer your phone number to their device.
Managing MFA Settings
To update your MFA delivery method:
- Log in to Eastern Business Banking
- Navigate to Settings → Security → Multi-Factor Authentication
- Select your preferred delivery method
- Follow the setup instructions for your chosen method
- Test the new method before relying on it
If you lose access to your MFA device, contact the Business Service Team at 1-800-333-8000 to reset your MFA. You will need to verify your identity through alternative means.
Password Best Practices
Your Eastern Business Banking password is your first line of defense. Follow these guidelines:
Creating a Strong Password
- Use at least 12 characters (16+ recommended)
- Include uppercase, lowercase, numbers, and special characters
- Avoid common words, names, or dates
- Use a passphrase: combine 4+ random words (e.g., "Purple$Tiger$River$Castle")
- Never reuse passwords from other accounts
- Use a password manager to generate and store unique passwords
Password Management
- Change your password immediately if you suspect a breach
- Do not share passwords between users — each user should have their own credentials
- Never write passwords on sticky notes or store them in plain text files
- Eastern Business Banking requires password changes every 90 days
- Passwords cannot be reused for 5 previous cycles
Need to Update Your Security Settings?
Log in to Eastern Business Banking to review your security configuration.
Access Your AccountUser Permissions and Access Control
Eastern Business Banking supports multiple users with customizable permissions. Properly configuring user access is essential for preventing internal fraud and limiting damage from compromised accounts.
User Roles
| Role | Capabilities | Recommended For |
|---|---|---|
| Administrator | Full access: create users, modify permissions, all transactions | Business owners, CFO, controller |
| Manager | Approve transactions, view all accounts, limited user management | Accounting manager, office manager |
| Initiator | Create payments/transfers (requires approval), view assigned accounts | Accounts payable clerk, bookkeeper |
| Viewer | View account history and reports only, no transaction capabilities | Auditors, external accountants |
Best Practices for User Management
- Principle of least privilege — grant users only the access they need
- Dual approval — require two users for payments above a threshold
- Regular reviews — audit user access quarterly
- Prompt deactivation — remove access immediately when employees leave
- Individual accounts — never share login credentials between users
- Transaction limits — set per-user dollar limits for payments and transfers
Positive Pay — Check and ACH Fraud Prevention
Positive Pay is Eastern Bank's fraud prevention service that matches presented checks and ACH debits against your authorized list before payment.
Check Positive Pay
When you issue checks, you upload a file (or manually enter) the check number, amount, and payee to Eastern Business Banking. When a check is presented for payment, Eastern Bank compares it to your authorized list:
- Match — check is paid automatically
- No match — check is flagged as an exception
- Decision required — you review and decide to pay or return
ACH Positive Pay (ACH Filter)
ACH Positive Pay allows you to pre-authorize specific ACH debits:
- Allow list — only ACH debits from authorized originators are processed
- Block list — specific originators are blocked
- Dollar limits — set maximum amounts per originator
- Exception review — unauthorized ACH debits are flagged for your decision
Contact the Business Service Team at 1-800-333-8000 to enable Positive Pay for your account.
Phishing and Social Engineering Protection
Phishing attacks are the most common method used to compromise business banking accounts. Fraudsters impersonate Eastern Bank or other trusted entities to steal credentials.
Recognizing Phishing Attempts
- Urgency or threats — "Your account will be closed in 24 hours"
- Generic greetings — "Dear Customer" instead of your name
- Suspicious links — hover over links to verify the destination URL
- Spelling and grammar errors — professional communications are proofread
- Requests for sensitive information — Eastern Bank will never ask for your password via email or phone
- Unexpected attachments — do not open attachments from unknown senders
Business Email Compromise (BEC)
BEC attacks target businesses that regularly make wire transfers or vendor payments. Attackers compromise or spoof email accounts to redirect payments:
- Fraudster impersonates a vendor and sends new banking instructions
- Fraudster impersonates an executive and requests an urgent wire transfer
- Fraudster intercepts email threads and modifies payment details
BEС Prevention
- Verify all banking changes by phone — call the vendor using a known number (not from the email)
- Implement dual approval — require two people to approve wire transfers
- Use out-of-band verification — confirm payment instructions through a different channel than email
- Train employees — educate staff on BEC tactics and red flags
- Register domains — consider registering look-alike domains to prevent spoofing
Eastern Bank will never email you asking for your password, account number, or security questions. If you receive such an email, do not respond and forward it to abuse@easternbank.com for investigation.
Device and Network Security
Secure Your Devices
- Keep operating systems and browsers updated with the latest security patches
- Install reputable antivirus/anti-malware software and keep it current
- Enable firewalls on all computers used for online banking
- Do not use public Wi-Fi for banking — use a VPN if remote access is necessary
- Lock your screen when stepping away from your computer
- Dedicated banking computer — consider using a separate device for online banking
Mobile Security
- Use the official Eastern Bank mobile app — not a web browser
- Enable biometric authentication (fingerprint or Face ID)
- Keep your mobile operating system updated
- Do not jailbreak or root your device
- Enable remote wipe in case your device is lost or stolen
- Do not store passwords in unencrypted notes apps
Session Security
Eastern Business Banking implements several session-level security controls:
- Automatic timeout — sessions expire after 15 minutes of inactivity
- Single session — concurrent logins from different locations are blocked
- IP monitoring — unusual login locations trigger additional verification
- Encryption — all data transmitted between your browser and Eastern Bank is encrypted with TLS 1.2+
- Secure logout — always click "Log Out" when finished; do not just close the browser
Alerts and Notifications
Eastern Business Banking provides configurable alerts to keep you informed about account activity:
| Alert Type | Trigger | Delivery |
|---|---|---|
| Login alert | Successful login from a new device or location | Email, SMS |
| Failed login alert | Multiple failed login attempts | |
| Payment alert | Payment or transfer initiated | Email, SMS |
| Balance threshold | Account balance falls below a set amount | Email, SMS |
| Large transaction | Transaction exceeds a specified amount | Email, SMS |
| Profile change | User permissions or settings modified |
Configure alerts in Settings → Alerts. Enable as many alert types as practical — early detection is critical for limiting fraud losses.
What to Do If You Suspect Fraud
If you notice unauthorized transactions, receive suspicious emails, or suspect your credentials are compromised:
- Change your password immediately — if you can still log in
- Call the Business Service Team — 1-800-333-8000 (available 24/7 for fraud reports)
- Request an account freeze — stop all outgoing transactions
- Document everything — transaction details, times, emails received
- File a police report — for significant fraud losses
- Review all recent transactions — look for additional unauthorized activity
- Update MFA — reset multi-factor authentication on a trusted device
- Notify your IT team — check for malware or compromised systems
The sooner you report fraud, the more likely Eastern Bank can recover the funds. Wire transfers become irrevocable within hours, so immediate reporting is critical. Do not wait to "investigate" — call first.
Frequently Asked Questions
How often should I change my Eastern Business Banking password?
What is Positive Pay and do I need it?
Does Eastern Bank offer two-factor authentication?
What should I do if an employee with banking access leaves the company?
Secure Your Business Banking Today
Review your security settings and enable all available protections.
Login to Review Settings