Pub. 3 2015 Issue 2

Summer 2015 FRAUDULENT FUNDS TRANSFER—WHAT YOU NEED TO KNOW Guest Article Q&A with Tracey Santor, CPCU, AFSB, AIC, bond product manager, financial institutions, Travelers Bond & Specialty Insurance What do you see as one of the biggest risks facing Commu- nity Banks right now? On-line criminals fraud- ulently instructing financial institutions to send money to their accounts is a big concern. The act of wiring money from a bank account or line of credit to pay bills is easy and conve- nient, so more people are doing it. In fact, the primary clear- ing house for large banking transactions, Clearing House Interbank Payments System, or “CHIPS” reports that it moves approximately $1.5 trillion per day on its wireless network. The majority of these transactions take place without a problem but criminals have focused on hacking this method of transferring money to line their own pockets. With this in mind, funds transfer fraud and computer fraud are threats that every organization must consider. What is are fraudulent funds transfers ? When someone poses as a customer to take control of an account or line of credit to engage in unauthorized trans- actions. Can you provide an example? Your institution’s website receives what appears to be le- gitimate input from a business customer linking its payment account to an outside account at another institution. The username and password are valid and your other security procedures have been satis- fied. Through your website, your institution then receives instructions to transfer funds from the customer’s account to that outside account. Your institution complies. One week later, you are contacted by law enforcement and told that your customer was the victim of a scheme perpetrated by cy- ber-criminals; and fielding calls from the customer questioning your safeguards. Where does this leave my bank? Your institution’s security has not been directly attacked, but your customer’s security was somehow lacking the ability to prevent an intrusion. Now, you’re facing potential legal, regulatory, and maybe even reputational issues. What practices can my bank institute to help fight security breaches? For instances like the one mentioned above, customer and employee education are key. Educate customers and employees on procedures that enable consistent oversight of payments and accounts, and may reduce fraud risk. These include: SSC/Payment Factory setups, Dual Custody practices, and ACH Positive Pay. Also, consider verification proce - dures that are independent and spread through the different departments of the financial institution and encourage your customers to do the same. Fi- nancial institutions should have discussions with their custom- ers about purchasing com- mercial crime coverage which would protect the customer under the Fraudulent Funds Transfer insuring agreement. Finally, institute Multi-Factor / Multi-Channel Payment Au- thentication whereby the bank practices using: • Callbacks: prior verification of payment instructions to a predetermined telephone num- ber • Passwords & SMS ID Codes • Out of band verification • Other industry-accepted verification procedures Additionally, banks should speak with an independent agent, who can recommend the right insurance solutions to help protect against such risks. What about the cost to my organization? Cost concerns are important, but the cost to your business should this happen can be fur- ther reaching and include long- term damage to your reputa- tion. Some security procedures may have a cost associated with them but things like employee and customer education are practically free and can save fi - nancial institutions and/or their customers from being victims. Where can I learn more? In addition to insurance coverage that can help offset the impact of computer fraud risks, Travelers offers numerous educational resources, such as insightful loss-control articles and tips. Learn more at www. travelers.com/business-insur- ance/management-profession- al-liability/financial-institutions/ community-banks