Commercial Banking Corporate O2 Digital Solution

Put the power of Corporate O2 to work for you.

Ready to take things to the next level? Corporate O2 is our proprietary state-of-the-art treasury solution designed to build on your company’s success and maximize your bottom line. Desktop or mobile, Corporate O2 opens a whole new world of possibilities for you and your business. Contact your O2 Treasury Management advisor today.
Login to Corporate O2
FAQ | ABOUT | USER GUIDES |TUTORIAL VIDEOS |INTUIT® INFORMATION |NACHA INFORMATION

Corporate O2 FAQ

What is Corporate O2?

Corporate O2 is our commercial digital banking platform, which includes a desktop online banking service as well as a mobile experience (Corporate O2 Mobile).

HOW DO I ACCESS Corporate O2 mobile? 

Follow the steps found here to set up Corporate O2 Mobile on your device. 

Is there training available?

This page includes product tutorial videos outlining the different services and related functions included in Corporate O2, as well as User Guides that cover these topics.

I currently use O2 Remote Deposit (RDC). DO YOU OFFER SINGLE SIGN-ON CAPABILITY THROUGH CORPORATE O2?

The desktop version of Corporate O2 will provide an option for you to connect to RDC, and separate login credentials for RDC are no longer required. If any of your RDC users do not have access to Corporate O2, they can continue to login to O2 Remote Deposit as a standalone service through our website at www.oldsecond.com.

WHAT ADDITIONAL FUNCTIONALITY Does Corporate O2 include?

  • Corporate O2 Online
    • More efficient approval process for all of your treasury transactions.
    • Bulk wire upload capability.
    • Up to 3 layers of dual control, optional for internal transfers and outgoing transactions.
    • Internal transfers to multiple accounts at once.
    • ACH Positive Pay filter edits/changes.
    • Remote Deposit single sign-on capability.
    • Customizable transaction and balance reporting.
    • Account reconciliation tools.
  • Corporate O2 Mobile 
    • Positive Pay decisioning.
    • Payment and User approvals.
    • Business Mobile Deposit (agreement required)

I got a new phone or computer, what do i need to do to reset my two-factor authentication? 

Call the Treasury Support department at 630-966-2455. A representative will assist with the process of unregistering your current two-factor token, and you will then be able to register the information from your new token during the following login attempt.

I logged in for the first time and cannot see my accounts. what do i need to do to view my accounts on my dashboard? 

While logged into your Corporate O2 profile, click the "Manage Groups" link in the upper-left area of the accounts section. Locate the group where you would like to add your accounts, click the corresponding "Add Accounts" button, and select the accounts from the provided checklist to add them. When you save your changes, the dashboard should update automatically to reflect the settings you have chosen.

NOTE: These steps must be completed through the website in order to view your accounts on your dashboard in either the desktop or mobile app versions of the service.

can i add other functions or shortcuts to my dashboard?

Yes, you can customize your dashboard by clicking the "Configure Dashboard" button located in the upper-right area of the page. This will allow you to add new widgets to the page including options to schedule transfers, work positive pay exceptions, and approve payments. Configuring the dashboard will also allow you to click and drag, as well as resize the various elements of the page to suit your needs. 

All questions should be directed to Treasury Support at osbtreasurysupport@oldsecond.com or 630-966-2455

About Corporate O2

Corporate O2 will empower you to get the job done more efficiently with new enhanced features. CO2 is designed to assist Commercial Customers with feature-rich capabilities to manage day-to-day cash flow, accessing accounts information, transaction history, Positive Pay, Wires, ACH, and providing a simpler user experience.

Corporate O2 Terms

Enroll now

User Guides

Corporate O2 Tutorial Videos

 Live Demo
 Corporate O2 Log In
 First-Time Login
 Highlights
 Admin
 Dashboard
 ACH Payments
 ACH Uploads
 ACH Reversals
 ACH Recipients
 ACH Tax Payments
 Internal Transfers
 Positive Pay
 Reporting
 Wire Transfers
 Wire Beneficiaries
 ISO Wire Update

FX Wires
 Creating a Beneficiary
 Approving/Rejecting Beneficiaries
 Editing a Rejected Beneficiary
 Editing a Beneficiary
 Making a Payment
 Booking a Deal
 Approving Payments (Dual Control)
 Rejecting a Payment (Dual Control)
 Editing a Rejected Payment

Intuit® Information

 

Nacha Information

EFFECTIVE JUNE 19, 2026

NACHA Rules currently require Originators to establish and implement risk-based processes and procedures to reasonably identify ACH entries initiated due to fraud. Including, but not limited to, a fraudulent transaction detection system intended to screen when initiating ACH debits or when using Micro-Entries.

The new rule requires all non-consumer ACH Originators to establish and implement risk-based processes and procedures reasonably intended to identify ACH entries initiated due to fraud. The core focus of this rule is to mitigate fraud in ACH transactions, specifically targeting Unauthorized Entries: Transactions initiated without the account holder’s permission and Entries Authorized under False Pretenses: Payments resulting from deception, such as Business Email Compromise (BEC) vendor impersonation or payroll impersonation. 

We urge all Old Second National Bank business ACH Originators to begin assessing their current fraud controls immediately. You must work with your compliance, legal, and technology teams to ensure you are fully prepared before the mandatory deadline.

Failure to adhere to NACHA guidelines puts your ability to originate at risk. Your responsibility as an Originator means that you need to make sure your processes consider these important factors:  

  • Establish and Implement Risk-Based Procedures: You must define and apply processes and procedures, relevant to your role as an Originator, that are reasonably intended to identify outgoing ACH Entries that may be unauthorized or initiated under false pretenses.
  • Annual Review: These processes and procedures must be reviewed and, if necessary, updated at least annually to address evolving fraud risks.
  • Risk Based Approach: At minimum, you must conduct a risk assessment to identify high risk vs low risk transactions and apply appropriate monitoring measures. Note that a risk-based approach cannot be used to conclude that no monitoring is necessary at all.
 
Who does this new rule apply to?
This rule applies to all Old Second National Bank business customers who originate ACH files. Any business, government entity, or organization that initiates ACH transactions (such as payroll, vendor payments, or collections of customer payments) is considered a non-consumer Originator.

Is Old Second National Bank the only bank affected by the rule?
No, this was a mandated rule change by Nacha affecting all financial institutions that have business customers who originate ACH payments.

When do I need to comply with the new rule?
The NACHA deadline for implementing these essential fraud monitoring processes is June 19, 2026.

Does Old Second National Bank require me to use a specific software system?
No. The rule is principles-based, not prescriptive. It requires you to implement risk-based processes and procedures that are effective for your specific business. This can include:
  • Manual, documented internal controls
  • Utilization of new features in your accounting or payroll software
  • Adoption of a third-party fraud monitoring solution
Does this rule change my liability for ACH fraud losses?
No. This rule is a compliance standard for Originators, Third-Party Senders, and all Financial Institutions. It establishes a requirement for all Originators to have active, risk-based fraud monitoring. It does not change the fundamental allocation of liability for fraud under existing law, but it does require you to strengthen your controls to mitigate these risks.

What is “False Pretenses” fraud and why is it important?
“False Pretenses” refers to fraud scenarios where a payment is authorized based on an act of deception and is one of the threats you should consider when creating your fraud monitoring processes. This is a crucial addition to the NACHA rules because it covers many of the most damaging fraud schemes today, including:
  • Business Email Compromise (BEC): A fraudster impersonates an executive or vendor via email to instruct an ACH payment be sent to a fraudulent account
  • Impersonation: A fraudster calls or emails to trick an employee into changing payment information for a legitimate vendor or employee
  • Account Takeover:  A fraudster gains access to the credentials necessary to initiate a transaction and initiates a credit entry from the accessed account. The accountholder did not authorize the credit entry.
What other types of threats should I consider when implementing my fraud monitoring processes?
Effective fraud monitoring processes must be layered and tailored to your business. What you monitor should depend on your specific ACH transactions (e.g., payroll vs. vendor vs. collection of customer payments).

In addition to the rule’s requirements, your program should consider:
  • Unauthorized Withdrawals: How can you prevent external parties from pulling money without permission?
  • Internal Misconduct: How can you prevent misuse of payment authority by employees?
  • Compromised Credentials: How can you protect your internal systems used for managing payment information and activity?
  • Change Request Fraud: How can you verify the authenticity of payment instruction changes?
What are some examples of risk-based processes for my business?
It is important to remember that your ACH fraud monitoring processes are unique to your business. The processes you implement must be tailored to your specific structure, payment volume, and unique fraud risks. The examples provided below are for informational guidance only – they are a starting point, not a complete checklist. Your unique fraud monitoring processes may include a combination of the following procedural and technical controls:
  • Dual Authorization/Segregation of Duties: Requiring at least two separate individuals to authorize high-dollar payments or ACH files. No single person should be able to create, approve, and release a payment
  • Out-of-Band Verification: When receiving an email request for a bank account change (vendor or employee), verifying the change via a trusted secondary channel (e.g., a phone call to a known number on file, not the number listed in the suspicious email)
  • System Controls and Anomaly Detection: Utilizing your internal accounting or payment systems to automatically flag or alert you to unusual activity, such as:
    • Payments to a new vendor that exceed a set dollar threshold
    • Sudden increases in transaction volume or amount outside of normal business patterns
    • Unusual payment destinations (e.g., high-risk geographical locations)
  • Pre-Payment Account Validation: Utilizing ACH prenotes (zero-dollar verification) or third-party validation services to confirm the existence and ownership of a new vendor’s or employee’s bank account before the first live payment is initiated
  • Strong Access Controls (MFA): Limiting the number of employees who have access to your ACH origination system and enforcing Multi-Factor Authentication (MFA) for all users to protect against compromised login credentials
  • Review User Rights: Corporate O2 Administrators should review user rights regularly and promptly remove access for terminated or transferred employees who no longer require access
  • Dedicated Payment Workstations: Restricting the computers used to initiate or approve ACH payments from being used for high-risk activities like opening external email attachments or general web browsing
  • Formal Fraud Incident Response Plan: Maintaining a clear, documented plan that specifies the immediate steps to take if fraud is detected, including who at Old Second National Bank to call and internal protocols for isolating the risk
  • Mandatory, Continuous Employee Training: Implementing regular (e.g., quarterly) training for all staff involved in payments to recognize, question, and independently authenticate suspicious requests (a key defense against social engineering)
  • Secure Systems and Applications – Ensure maintenance of firewalls and make sure antivirus software is up to date.  Ensure all system components and software have the latest vendor-supplied security patches installed
Additional Payment Procedures to note:
Obtain proper authorizations, dependent upon the transaction type, and retain authorizations for two years past revocation.
  • If requested by the Bank, you must provide a copy of the authorization within 10 business days. The Bank may request to see your authorizations from time to time as part of an annual audit.
  • Send entries on the proper date.
  • Give appropriate notice to debtor if changing amount or date.
  • Cease subsequent entries when notified.
  • Make necessary changes to payee account information within three (3) banking days upon receipt of a Notice of Correction or before another entry is sent.
  • Protect the banking information received to originate transactions.
  • Ensure your computer and you are protected as outlined in the Bank Treasury Management Agreement.
  • Ensure the Originator is clearly identified as the source of the ACH transaction. Specifically, populate the Company Name Field of the NACHA formatted file with a name known to and readily recognized by the Receiver of the entry.
If you don’t have the newest version of the Nacha Operating Rules and Guidelines, you can purchase it directly from the Nacha website.

 

EFFECTIVE MARCH 20, 2026

Nacha is requiring the standardized use of specific transaction descriptions effective March 20, 2026. ACH originators are required to comply with Nacha operating rules.

  • ACH credits related to wages must use the description "Payroll"
  • ACH debits related to consumer e-commerce purchases must use the description "Purchase"

This rule applies to all ACH originators initiating these types of transactions and is mandatory by March 20, 2026. We recommend beginning to review and update your templates as soon as possible to ensure a smooth transition. Abbreviations to these descriptions are not allowed.

What you need to do:

  • When creating new ACH files, populate the Entry Description as outline

  • For Existing ACH templates, update your payroll files to include "Payroll" in the Entry Description field and "Purchase" for all relevant consumer e-commerce debits

  • If you use a third-party payroll or accounting software, reach out to them to understand how to implement this change

Visit Nacha for additional information regarding this rule change.

Intuit QuickBooks®, Quicken®, and Mint® are trademarks of Intuit, Inc.