In the last article, we talked about how your employees are your first line of defense when preventing wire fraud. Your second line of defense will be your business processes.
Cybercriminals change and expand their tactics constantly, resulting in the need for robust business processes that meet the challenge. Well-crafted procedures and communication protocols act as internal firewalls for employees who handle sensitive data.
Previous phishing attempts, such as the Nigerian Prince scam, were obvious to most people and it was easy to avoid falling victim. But today, 47% of small businesses suffered at least one cyber attack in 2018, and 44% of those experienced between two to four attacks.
By having a well-defined set of procedures to prevent wire fraud, you ensure your real estate business is ready for the ever-evolving strategies fraudsters use. Here are some tips to help you design your business processes.
Verifying identity is essential
Verifying identity at the beginning of a transaction where you are executing a wire is critical. CertifID’s identification platform works well for this. Using digital device analysis and knowledge-based authentication, our software is able to verify the identity of each transaction participant and flag any suspicious activity in real-time.
Email fraud grew by 87% in 2018, meaning the threat of fraudsters hijacking wire transactions is greater than ever. To combat this, you must make it impossible to change personal details during a wire transfer without appropriate verification of the new information. A dual control procedure allows proper authentication before acting on any new information.
Implement a dual control procedure
When the outcome of a wire transaction rests on one individual, there’s more room for error. The person who’s entering the information into your bank’s treasury platform should not be the one releasing it.
With a strong dual control procedure, the information is subject to additional validation before any funds get sent.
Be 100% sure of your data’s integrity
When handling a wire transfer, it is best to communicate directly with the person who will be sending you the funds.
With many people relaying information back and forth, inaccuracies can occur. This opens up opportunities that fraudsters could exploit.
Businesses that suffered cyber attacks were hit in multiple ways, with most incidents involving malware and ransomware variants. Using data obtained in these attacks, cybercriminals can target participants as transactions move towards completion.
Always verify the receipt and accuracy of all information before the other party initiates a wire transfer. This is of critical importance for buyers in real estate transactions as they must transfer the closing funds themselves. Their real estate agent, attorney, lender, or other advisor can’t do it for them.
Make sure all participants understand what follows the exchange of wiring instructions and that there is explicit confirmation of details from both parties.
Empower your employees
Let your employees know it’s acceptable to delay the closing or funding of a transaction if they aren’t 100% sure of the information’s integrity or that the money will arrive safely in the intended account.
In fact, you should encourage your staff to refuse wires if they don’t feel comfortable with any requests. In any instance where they have any concern with the parties legitimacy, they should send a check instead.
Secure all business data
Wire fraud doesn’t only occur through the internet, your physical office can also be infiltrated. Enforce a “clean desk” policy where documents containing sensitive information are kept out of sight, away from casual visitors.
Clients and visitors should be registered, given an ID badge that’s different from employee badges, and escorted while in the office. Monitoring visitor’s behavior while on your premises limits any opportunity to access confidential information.
Security doesn’t just stop at your office. Over 80% of North American C-suites believe the risk of a data breach is higher when employees work off-site. Mitigate your risks by restricting levels of access; only give permissions to parties directly involved in transactions. That way, if an employee’s device gets lost or stolen, it won’t allow unrestricted access to any important details about ongoing transactions.
Being prepared is key in recovering funds
Only 52% of small businesses have a clearly defined policy for cybersecurity. This low percentage demonstrates how unprepared organizations are for digital threats. Recovering from wire fraud depends on quick action, and that hinges on your business protocols.
It’s vital you obtain the full legal names and contact information of customers at the beginning of any business. All too often, the parties involved don’t share details until later in the process. This makes it easier for a fraudster to insert themselves into the proceedings, claiming to be a legitimate party.
Have protocols in place for wire fraud
Your team should be ready to act immediately to recall funds in the case of a successful wire fraud attack.
Here, advanced planning could mean the difference between a total loss and a full or partial recovery. Since fraudsters are moving money in real-time through mules, it’s a race. At the end, the fastest response determines who will keep the funds.
To get an idea of how to structure your protocol, you can start by downloading our groundbreaking whitepaper “When Minutes Matter,” which provides a step-by-step guide of how to recover wire funds in the event of a loss.
You should create internal communication protocols that immediately alert your team when wire fraud has taken place.
Choose an individual who will be responsible for leading the recovery effort. They will be the person communicating with banking partners, law enforcement, and legal teams and need to be ready at a moment’s notice.
They must know and understand the information required to initiate a wire transfer recall. A solid grasp of the sequence and manner in which the information must be implemented is essential. They will have to put in place the follow-up procedures needed until the funds have been identified, frozen, and returned to the proper account.
In the next post, we’ll discuss how you can use software to prevent real estate wire fraud.