Pub. 9 2020 Issue 4

14 Keeping Customers Safe in a Remote Environment – Wire Fraud Contact us: Craig Collins, President, at ccollins@onebeacon.com or 952.852.2434. Visit our website at onebeaconfs.com. These daysmore people are working remotely than ever before andmany tasks previously done in person are happening online - including banking. Unfortunately, fraudsters are aggressively taking advantage of potential vulnerabilities that arise from this increased online activity. Businesses are acclimating to the current unusual circumstances by offering additional services virtually. For community banks, thismeans working with customers by email or online, allowing electronic signatures on important documents, among other virtual services, which opens up the door for an exposed environment. Should these cyber criminals gain access to Personally Identifiable Information (PII), they can easily pose as the bank “customer”, another financial institution, another party to the transaction, or even someone else within the bank looking to transfer funds. Whilewire transfer fraud is certainly not a newsource of loss for community banks, criminals have been exploiting the increase in electronic and remote banking.They are constantly finding different ways toperpetrate this type of fraud.Therefore, it’s extremely important to stay vigilant while customers and employees are remote. SecurityAlert –Wire Transfer Fraud involvingReal Estate LoanProceeds There has been a significant uptick inwire transfer fraud schemes involving real estate loanproceeds andwire transfer instructions purportedly froma title attorney/agent or someone else in the bank.The transfer requests andwire transfer instructions are coming in via phone, fax and email. Whenever requests and instructions are received via phone, fax or email –whether froma customer, another financial institution, a title attorney, a real estate agent, or even someone else in the bank – consider having employees follow the same out-of-band verificationprocedures that wouldbe performedon any otherwire request. Not just with the initial request and instructions, but alsowith any change in the request of instructions (i.e., whennewreceiving bank account information is received). PerformaWire Transfer Risk Management “Check-up” This could start by reviewing the requestor’s account and confirmthat the bankhas awritten agreement with the customer authorizing the bank to transfer funds on deposit in reliance on instructions received via phone, fax or email. Other considerations may include: • Is it unusual for this customer to request a wire transfer? •Has there been a recent transfer of funds into the account from a home equity line of credit? Fraudsters frequently target home equity lines of credit since customers are not as vigilant in checking the status of these accounts. Additionally, information on the existence of these accounts is publicly accessible. •Are the funds being transferred to a foreign account? •Does the customer seemtobe in a great hurry to complete the transfer? • Is the request coming from a legitimate email address? Fraudsters often use email addresses that are very similar to a customer’s legitimate email address (i.e., using the number “1” in place of the lower case letter “l”). Review email addresses closely. • Has the phone number on file for this customer recently been changed? •Has the receiving bank account information, or any other material detail of the request, recently been changed? Additional steps to help mitigate risk could include: •Updating customer files with alternate phone numbers so that callbacks can be made to multiple phone lines. •Using amulti-factor authenticationmethod. Workwith your customer in advance to record at least three different security questions and answers that only they would know the answer to. When performing a callback during a transfer request, ask the customer each question. • Establishing alternate electronic verification methods, such as PIN numbers or security tokens. • Executing awritten agreement that details who is authorized to execute a transaction, which accounts are eligible for transfers, what securitymeasures and verification steps are in place, which communication methods are used and who is liable (and for what) if fraud were to occur. • Elevating all out-of-the ordinary requests, and encouraging employees to view every wire transfer request with a healthy dose of skepticism. While it is understandable that the bank would like to make the transfer process as easy as possible for its customers and others involved, it is important for the bank to recognize the risks and take the necessary steps – before and after receiving the request – to protect its customer’s money and its ownmoney. Customers and others involved should understand that suchmeasures are to their benefit, and they should appreciate the relatively minor inconveniences associated with verifying the legitimacy of the requests. With wire transfer fraud schemes becoming more frequent and complex, it is more important than ever for banks to protect themselves against this formidable risk.