Pub. 7 2018 Issue 1

January 2018 13 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s By Craig M. Collins, President, OneBeacon Financial Services SECURITY ALERT: WIRE TRANSFERS & PHONE HIJACKING W HILE WIRE TRANSFER FRAUD IS certainly not a new source of loss for community banks, it seems that criminals are constantly finding different ways to perpetrate this type of fraud. Recently, there has been a spike in wire transfer fraud losses involving the hijacking of customers’ phone lines Real-World Examples In three separate cases, banks received a request to transfer funds from a customer’s account. The fraudsters had the correct account information and there appeared to be no cause for concern. Each bank followed procedure by locating the customers’ appropriate phone number on file and performing a callback to verify the request. The callback number was answered by the “customer,” who verified the request. The banks then transferred the funds. In each case, the “customer” that was called for verification was actually a fraudster who had hijacked the real customers’ phone line. While it seems these banks followed appropriate procedures to prevent wire transfer fraud, there are additional steps banks can take to protect themselves and their customers. Risk Management Tips Start by reviewing the requestor’s account history and consider the following “red flags:” • Is it unusual for this customer to request a wire transfer? • Has there been a recent transfer of funds into the account from a home equity line of credit? Fraudsters frequently target home equity lines of credit since customers are not as vigilant in checking the status of these accounts. Additionally, information on the existence of these accounts is publicly accessible. • Are the funds being transferred to a foreign account? • Does the customer seem to be in a great hurry to complete the transfer? • Is the request coming from a legitimate email address? Rather than replying to the email request, create a new email and send it to the address you have on file for the customer. • Has the phone number on file for this customer recently been changed? Additional steps to help mitigate risk include: • Update customer files with alternate phone numbers so that callbacks can be made to multiple phone lines. • Use a multi-factor authentication method. Work with your customer in advance to determine at least three different security questions and answers that only they would know the answer to. When performing a callback during a transfer request, ask the customer each question. • Establish alternate electronic verification methods such as PIN numbers or security tokens. • Execute a written agreement that details who is authorized to execute a transaction, which accounts are eligible for transfers, what security measures and verification steps are in place, which communication methods are used and who is liable for what if fraud were to occur. • Encourage employees to view every wire transfer request with a healthy dose of skepticism. Anything out of the ordinary should be elevated to a bank officer for review. Summary With wire fraud schemes becoming more frequent and complex, it is more important than ever for banks to protect themselves against this formidable risk. Banks must be on the lookout for this trending method of fraud involving the hijacking of customers’ phone lines About OneBeacon Financial Services OneBeacon Financial Services offers property and casualty coverages for commercial banks, savings banks and savings and loan institutions, security broker- dealers, investment advisors, insurance companies and credit unions. Specialty coverages, including professional liability, trust errors & omissions, cyber liability and financial institution bond are additionally available for institutions with less than $3 billion in assets. Contact Us To learn more about how OneBeacon Financial Services can help you manage your unique risks, please contact Craig M. Collins, President, at ccollins@onebeacon.com or 952.852.2434. Visit our website at onebeaconfs.com or find us on: This article is provided for general informational purposes only and does not constitute and is not intended to take the place of legal or risk man- agement advice. Readers should consult their own counsel or other representatives for any such advice. Any and all external websites or sources referred to herein are for informational purposes only and are not affiliated with or endorsed by OneBeacon Insurance Group. OneBeacon Insurance Group hereby disclaims any and all liability arising out of the information contained herein