Pub. 5 2016 Issue 8

l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s 32 1 OneBeacon Financial Services® A Member of OneBeacon Insurance Group® October 2016 | Issue 3 Security Alert: Wire Transfers & Phone Hijacking B Y C RAIG M. C OLLINS – P RESIDENT While wire transfer fraud is certainly not a new source of loss for community banks, it seems that criminals are constantly finding different ways to perpetrate this type of fraud. Recently, there has been a spike in wire transfer fraud losses involving the hijacking of customers’ phone lines. Real-World Examples In three separate cases, banks received a request to transfer funds from a customer’s account. The fraudsters had the correct account information and there appeared to be no cause for concern. Each bank followed procedure by locating the customers’ appropriate phone number on file and performing a callback to verify the request. The callback number was answered by the “customer,” who verified the request. The banks then transferred the funds. In each case, the “customer” that was called for verification was actually a fraudster who had hijacked the real customers’ phone line. While it seems these banks followed appropriate procedures to prevent wire transfer fraud, there are additional steps banks can take to protect themselves and their customers. Risk Management Tips Start by reviewing the requestor’s account history and consider the following “red flags:” • Is it unusual for this customer to request a wire transfer? • Has there been a recent transfer of funds into the account from a home equity line of credit? Fraudsters frequently target home equity lines of credit since customers are not as vigilant in checking the status of these accounts. Additionally, information on the existence of these accounts is publicly accessible. • Are the funds being transferred to a foreign account? • Does the customer seem to be in a great hurry to complete the transfer? Real-World Examples In three separate cases, banks received a request to transfer funds from a customer’s account. The fraudsters had the correct account information and there appeared to be no cause for con - cern. Each bank followed procedure by locating the customers’ appropriate phone number on file and performing a callback to verify the request. The callback number was answered by the “customer,” who verified the request. The banks then trans - ferred the funds. In each case, the “custome ” that was called for verification was actually a fraudster who had hijacked the real customers’ phone lin . While it seems these banks follow d appropriate procedures to prevent wi e transfer fraud, there are additional steps banks can take to protect themselves and their customers. Risk Management Tips Start by reviewing the requestor’s account history and consider the following “red flags:” • Is it unusual for this customer to requ st a wire transfer? • Has there be n a recent tr sfer of funds into the account from a home equity line of credit? Fraudsters frequently target home equity lines of credit since customers are not as vigilant in checking the status of these accounts. Addi - tionally, information on the existence of these accounts is publicly accessible. • Are the funds being transferred to a foreign account? • Does the customer seem to be in a great hurry to complete the transfer? • Is the request coming from a legitimate email address? Rather than replying to the email request, create a new email and send it to the address you have on file for the customer. • Has the phone number on file for this customer recently been changed? Additional steps to help mitigate risk include: • Update customer files with alternate phone numbers so that callbacks can be ma e to multiple phone lines. • Use a multi-factor authentication method. Work with your customer in advance to determine at least three differ - ent security questions and answers that only they would know the answ r to. When perfo ming a callback during a transfer request, ask the customer each question. • Establish alternate electronic verification m thods such as PIN numbers or s curity tok ns. • Execute a written agreemen that details who is uthorized to execute a transaction, which acc unts are ligible for transfers, what security measures and verification steps are in place, which communication methods are used and who is liable for what if fraud were to occur. • Encourage employees to view every wire transfer re - quest with a althy dose of skepticism. Anything out of the ordinary should be elevated to a bank officer for review. Summary With wire fraud schemes becoming more frequent and com - plex, it is more important than ever for banks to protect themselves against this formidable risk. Banks must be on the lookout for this trending method of fraud involving the hijack - ing of customers’ phone lines. SECURITY ALERT: WIRE TRANSFERS & PHONE HIJACKING By CraigM. Collins -President While wir transfer fraud is certainly not a new source of loss for community banks, it seem that criminals are constantly finding different ways to perpetrat this typ of fraud. Recently, there has been a spike in wir tr nsfer fraud losses involving the hijacking of customers’ phone lines. 1 OneBeacon Financial Services® A Member of OneBeacon Insurance Group® October 2016 | Issue 3 Security Alert: Wire Transfers & Phone Hijacking B Y C RAIG M. C OLLINS – P RESIDENT While wire transfer fraud is certainly not a new source of loss for community b nks, t seems that c iminals are constantly finding different ways to perpetrate this type of fraud. Recently, there has been a spike in wire transfer fraud losses involving the hijacking of customers’ phone lines. Real-World Examples In three separate cases, banks received a request to transfer funds from a customer’s account. The fraudsters had the correct account information and there appeared to be no cause for concern. Each bank followed procedure by locating the customers’ appropriate phon number on fil and performing callback to verify the request. The c llback number was answered by the “customer,” who verified the requ st. The banks then transferred the funds. In each case, the “custo er” that was called for verification was actually a fraudster who had hijacked the real customers’ phone line. While it seems these banks followed appropriate procedures to prevent wire transfer fraud, there are additional steps banks can take to protect themselves and th ir customers. Risk Management Tips Start by reviewing the requestor’s account history and consider the following “red flags:” • Is it unu ual for this cus omer to requ st a wire transfer? • Has there been a recent transfer of funds into the account from a home equity line of credit? Fraudsters frequently target home equity lines of credit since customers are not as vigila t in checking the status of these accounts. Additionally, information on the existence of these accounts is publicly accessible. • Are the funds being transferred to a foreign account? • Do s t e customer seem to be in a great hurry to complete the transfer?