Posts Tagged ‘cybersecurity’


Mobility IT solutions for anywhere, anytime communication

For many who work in real estate, the job site isn’t defined by a single location. Workers are often highly mobile, and their job responsibilities may require them to move from house to house to conduct closings and other business. To stay connected, collaborative and productive, these workers need access to cloud-native enterprise mobility solutions. When properly equipped, workers can stay connected to the data, channels and applications they need. Here is what you need to know about these technologies and what benefits they can bring to your business. 

What are enterprise mobility solutions? 

Enterprise mobility management (EMM) encompasses the processes, underlying technologies and solutions that enable enterprise mobility. More specifically, EMM includes things like software hosted over the cloud, applications optimized for mobile devices, VPN networks to boost security and programs like mobile device management. These technologies work together seamlessly to empower employees and enable greater organizational flexibility, while at the same time allowing administrators to conduct oversight of how devices and programs are being used. 

Streamlined processes

One of the biggest things remote workers gain when equipped with the right mobile solutions is process improvements. The right digital toolkit not only reduces the need for endless paper documentation, but it streamlines access to necessary business information, allowing employees to provide better customer experiences. 

Increased productivity 

For any business, finding ways to increase worker productivity is a key priority. When the right mobility solutions are deployed, real estate and title insurance employees can stay apprised of their most important tasks and responsibilities from anywhere on any device. Potential benefits from this include a reduction in lag times, easier collaboration and happier and more satisfied customers overall. 

Data security

While the rise of mobile has worked wonders for many aspects of business communication and collaboration, it is safe to say that it has introduced new challenges for data privacy and security. Real estate and title insurance are both data-intensive fields that routinely deal with sensitive customer data. Agents must have the means to secure that information. Without the right digital tools, your business runs the risk of experiencing a security-related incident and potential long-term damage to your brand. 

Reduced IT overhead 

Like any other business process, the more control and standardization you can exert over your IT setup, the more it can work wonders for reducing IT spending. Today’s enterprise mobility tools offer the type of visibility, convenience and functionality that can improve an agent’s job performance without saddling your company with a lot of additional costs. One of the ways they do this is by streamlining processes like file sharing. Another involves how enterprise mobility is one of the foundational technologies behind the rise of remote work. Businesses that successfully run and manage hybrid or remote workforces may achieve sizable savings in lower office costs, reduced employee churn and higher productivity. 

Equip yourself for success 

With the benefits of enterprise mobility being crystal clear, your next question might be: Where do I start? Well, unfortunately, the answer is going to be different for each agency. As I have said before, your organizational goals should dictate the type of IT solutions you employ – not the other way around. Spend some time thinking about what your needs are before you make any decisions. Don’t discount the value of getting a little help. Feel free to reach out to me at bjohnson@alliantnational.com with questions or if you would like to talk. With any luck, you’ll quickly find the right setup for your team and start taking your mobile operations to the next level. 


Best Practices Update Targets Agent Oversight of People, Processes and Technology

The American Land Title Association has published its ALTA Best Practices Framework version 4.0, featuring several significant updates to Pillars 2, 3 and 4 in response to what the trade group identified as a changed environment, including new laws, increasing fraud threats, and more complex technology.

On a recent ALTA webinar explaining the changes, the association listed a litany of ways the industry has changed over the past decade, including earnest money apps, remote workers, an explosion of new technology, remote online notarization, more sophisticated fraud, real time payments, and a growing technology environment that includes a complex web of third-party integrations.

Because of the drastically different environment in which title agents are now working, ALTA has broadened its focus to address increasing complexity in operations, including safety, customer experience and efficiency.

“These revisions have been made with the specific objective of allowing agents and direct operations to continually improve their practices and procedures to ensure financial, data security and operational stability, and to provide lenders and other constituents with the assurances that their needs are being fulfilled by these efforts,” ALTA said in its official release of version 4.0 on January 23.

For Alliant National agents, it is important to note that the implementation date of May 23 will affect assessments and renewals, which, if conducted after that date, must be based on the 4.0 framework.

Let’s take a look at some of the most significant changes.

Pillar 2: Escrow Accounting

ALTA made several changes to Pillar 2, including updating the treatment of non-settled funds and outstanding file balances, use of fintech applications, escrow funds training, and wire transfers.

Loss of Funds

The Pillar 2 purpose section was updated to note that the loss of funds in a transaction may fall outside of E&O coverage and could become the responsibility of the title agency.

Fintech Applications

In addition to having policies and procedures in place that prohibit or control the use of ACH transactions and internal wire transfers, agents must also ensure procedures are in place for electronic/digital receipt of funds from web-based fintech applications.

When using a third-party earnest money deposit or disbursement platform that facilitates digital transfer of escrow account receipts and disbursements, the agent must ensure the platform meets good funds law requirements and is not subject to the Electronic Funds Transfer Act (EFTA), which would allow for reversal of consumer payments.

On the ALTA webinar, association representatives noted that one of the most important changes agents should pay attention to is the requirement that they carefully vet platforms they are using to receive incoming funds to make sure those platforms do not allow for reversal of funds.

Along those same lines, in the previous versions of the Best Practices, agents were absolutely prohibited from accepting and wiring out funds before they had cleared.

Recognizing that agents were sometimes taking this risk in extenuating circumstances, the new language provides some leeway, saying that agents should ensure that undue risk is not being undertaken for deposits that are not fully settled.

As an example, a title agent may accept a check after a closing for an inconsequential amount – $20 for example – but is prohibited from incurring the risk of accepting a substantial amount of money and wiring out before it has cleared. The level of risk should be commensurate with the amount of money being risked and the company’s size and ability to assume that risk, and that threshold must be determined by each company.

Wire Transfers

Given growing security concerns over the vulnerability of wire transfers, agents are now required to have documented procedures to verify wire transfer instructions independent of the initial communication, and those verification procedures should include multi-factor authentication (MFA). (See ALTA’s Outgoing Wire Preparation Checklist.)

Best practices were also updated to recommend the use of wire verification services, with the caveat that those providers should be vetted to assess risk of use, security protocols and the provider’s ability to protect consumer data.

ALTA pointed out during the webinar that companies can have the most sophisticated policies to protect themselves against wire fraud but may still find themselves exposed to risks due to human error. Wire verification services, where they are available, efficient and economical, should be used as another tool to prevent fraud.

Background Checks

While the original best practices required agents to get background checks only on employees who had access to customer funds, the updated procedures extend that requirement to all employees at the time of hire with updates every three years thereafter.

Aging Escrow Balances

Procedures are updated to require that managers review and approve any activity in aging escrow file balances.

Pillar 3: Privacy and Information Security Programs to protect NPI

ALTA made important updates to many aspects of an agent’s responsibility to protect NPI, including physical protection, cloud security, and the agent’s incident response plan.

Written Information Security Plan (WISP)

One of the most extensive changes to Pillar 3 is the requirement for a written information security plan (WISP) and a privacy plan to protect NPI as required by local, state and federal law. Specifics of the updated procedure include:

  • The use of MFA for access to systems containing NPI
  • A password management plan that requires unique login names and system passwords to access systems containing NPI
  • System passwords must meet minimum standards, which include:
    • reentry of the password after system idling
    • passwords that expire after a certain period of time
    • difficult-to-guess passwords that include upper- and lower-case letters, special characters and a minimum length of eight total characters
  • Timely software updates, since outdated software can result in data breaches, cyberattacks, ransomware attacks and other NPI exposure

Background Checks

One additional requirement is that access to the company’s information systems must be granted only to authorized employees and authorized service providers who have undergone background checks.

This extends to physical access as well, with version 4.0 adding the caveat that only authorized employees and authorized service providers who have undergone background checks should be allowed access to desks, cabinets or storage areas where NPI is housed.

Miscellaneous Changes

Other changes to Pillar 3 include:

  • Extending network security requirements to use of cloud systems, virtual equipment, data centers and third-party hosting
  • Updating the disaster recovery and business continuity plan to specifically include a compromise of systems or facilities
  • Adding language that notes the inclusion of continuity of operation for consumer settlements and timely notification to all parties in case of any delays due to a disaster
  • Noting that the written incident response plan should follow the recommendations of the ALTA Cybersecurity Incident Response Plan
  • Specifying that service provider policies are to be consistent with the company WISP – including IT consultants, outsourcing company employees and third-party software employees. Software tools and resources are also to be consistent with WISP

Pillar 4: Settlement

Pillar 4 updates increase an agent’s responsibility for vetting internal and external signing professionals and for selection of remote notarization platforms, as state law and underwriter guidelines have changed dramatically since the pandemic. As part of the new consumer focus, changes were also implemented related to staff training and consumer notifications.

Training

Pillar 4 is updated to include training for staff to provide a framework for:

  • Minimizing errors
  • Enabling a timely response to concerns raised following a settlement
  • Addressing consumer complaints

This updated requirement for improved training calls for agents to create a formalized training program for every aspect of the title and escrow process. While it may have been sufficient in the past to ask a new hire to shadow another employee for a few days to learn the procedures, ALTA has now determined an informal approach can lead to inconsistencies and errors.

A formal training program can ensure everyone within the agency is handling each aspect of the process in exactly the same way. It also guards against the danger of a new employee going rogue and “doing it the way we did it at my previous agency.”

Most importantly, the updated Best Practices framework encourages agents to document every aspect of the training so that all managers within the agency follow the same protocols when training a new employee.

Remote Online Notarization (RON)

Agents whose employees will be notarizing documents via remote notarization are required to select a platform authorized by the state in which the notary is located and one that is approved by the agent’s title underwriter. Returning once again to the issue of NPI, the updates require the agent to ensure the platform is capable of meeting the minimum requirements of the state, including retention of the video and safeguarding NPI. This same level of oversight is required if the agent engages a third-party to notarize documents via RON.

Signing Professionals

As with RON oversight, responsibility is placed on the agent to verify signing professionals have state and contractually required licensing and insurance. In addition, agents must perform background checks for signing professionals employed by the company and ensure that third-party signing professionals have the required professional designation, insurance and bond.

Miscellaneous Updates

Pillar 4 includes several other miscellaneous updates, including:

  • A requirement to provide an affiliated business relationship disclosure in compliance with state and federal law
  • Guidance for additional procedures to follow when using an e-recording vendor
  • New guidance in the payment of fees or tax for escrow trust accounts

Pillars 5, 6 and 7

Only one update was made to Pillar 6, which is a new mandate to review cyber, crime, and E&O coverage limits and exceptions annually.

No substantive changes were made to Pillars 5 and 7.

Updated Documents

As part of this revision, ALTA also published the following ALTA Best Practices Framework documents, available at https://www.alta.org/best-practices/.

  • The Best Practices Assessment Procedures
  • Internal Assessment Report and Letter
  • Third-Party Assessment Report

Alliant National agents are encouraged to carefully review current policies and procedures in light of these important best practices updates. This is especially critical for agents who are facing assessments after the May 23 implementation date.

Please contact your Alliant National underwriting counsel if you have any questions or concerns as you review and implement these new policies.


Cyber Fraud Trends And Business Insurance – Are You Protected?

Cyber criminals are busier than ever. Staying safe requires fraud awareness and the right business insurance coverages. Jerome Magana of SSIS Securance and Tom Weyant, Alliant National’s Risk Management & Data Privacy Officer, sit down to discuss the latest fraud trends and tips for making sure your business is positioned to recover in the event of a cyber fraud attack.


FBI Pivots Investigative Energy To Real Estate Wire Fraud

In a November report to Congress on business email compromise (BEC) and real estate wire fraud (REWF), the FBI announced enhanced efforts to put the brakes on what has become one of the most financially damaging crimes in the United States.

According to the FBI report, BEC has been the largest dollar loss by victim crime typology reported to IC3 in the past several years, with over $2.4 billion of losses in 2021.

“For comparison, the second highest dollar loss category reported to IC3 was investment fraud, with losses of approximately $1.45 billion,” the FBI reported. “In other words, dollar losses associated with BEC were over 65% more than dollar losses associated with investment fraud.”

The FBI noted in its report that criminals have been refining their exploitation of technology, especially the internet, to carry out financial crimes, logging substantial increases in internet-enabled financial frauds such as bank account takeovers, synthetic identity related frauds, money laundering through virtual currency, and BEC.

“The FBI has pivoted its approach to address this issue through gathering intelligence, utilizing advanced investigative techniques in conjunction with traditional financial crimes investigative techniques, using proactive public and private partnerships, and education and awareness campaigns,” the agency noted in the report.

Real estate wire fraud in the crosshairs

REWF is a sub-category of BEC, in which criminal actors target individuals or companies executing large wires related to real estate transactions. As our agents are aware, the criminals pose as parties to the transaction and directly communicate with the other parties to steal funds intended to pay for the real estate.

According to IC3 complaint data, victims participating at all levels of a real estate transaction have reported such activity, including title companies, law firms, real estate agents, buyers, and sellers. The FBI has specifically focused on addressing REWF due to its prevalence in the U.S. and the effect it can have on the individual victims of the REWF schemes, who may be home buyers wiring their life savings.

These schemes and the preventative measures that title agents can take have been detailed in Alliant National’s 2022 Escrow Fraud/Social Engineering White Paper.

In its report to Congress, the FBI updated its preventative measures to include the following recommendations:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII of any sort via email.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.

First published in 2017 and fully updated by Alliant National’s Compliance, Risk and Education teams, the paper provides information, tips and suggestions to help you better understand the current threat environment and create a comprehensive plan that addresses the realities we face in our industry.

Filling in the Gaps

The FBI has had considerable success in reclaiming lost funds through the IC3’s Recovery Asset Team (RAT) program, since its inception in 2018.

The RAT is designed to assist FBI field offices with the rapid recovery of funds for victims who made transfers to domestic accounts. In 2021, the RAT reported just over 1,700 incidents, with losses approaching $445 million. According to the FBI, the RAT was able to recover more than $328 million of the $445 million.

But there is more work to be done and the FBI has identified vulnerabilities which, if addressed, would bolster the ability of U.S. law enforcement to effectively address a wide range of threats, including BEC.

The first is getting access to beneficial ownership information to track funds that end up in accounts controlled by shell companies.

“The Corporate Transparency Act (CTA) provides for the creation of a national, non-public database of underlying beneficial ownership information for U.S.-registered businesses that meet specific criteria,” the FBI noted. “The data collected will be made available to U.S. law enforcement, subject to certain guardrails, offering a critical resource for identifying participants in a BEC scheme.”

On Sept. 29, the Financial Crimes Enforcement Network (FinCEN) issued the first of three rulemakings to implement the CTA, governing who must report and what information they must report to FinCEN. The final rule will take effect on January 1, 2024.

The effectiveness of this reporting requirement is as yet unknown, and there is some concern that the CTA exempts from its reporting requirements various types of entities, including trusts, which may affect efforts to identify the beneficial owners of trusts or other entities engaged in REWF.

The FBI is also recommending that UCC 4A-207 be redrafted to require banks to properly identify the name and number of the beneficiary and to determine they are in fact the same individual or entity. Currently, a bank may simply rely on the number as the identifier, without requiring a check to see if it is actually connected to the named beneficiary.

Cyber security #1 priority in 2023

As the threat from cyber criminals continues to escalate, it is imperative that our agents review their procedures for protecting client funds.

You can begin today to assess your systems and educate your staff to make sure every possible precaution has been put into place. We hope our Escrow Fraud/Social Engineering White Paper will be helpful in this work. Alliant National is committed to updating our agents to help you understand and respond to the current threat environment. Feel free to reach out to your agency representative, or any member of the Alliant National team if you have any concerns.


Claims Blog: BEC/EAC – They’re (Still) Here!

The Federal Bureau of Investigation (FBI) has labeled business email compromise (BEC)/email account compromise (EAC) as “one of the most financially damaging online crimes” as it is “the top cyber threat.” BEC/EAC is a scam in which fraudsters trick an unsuspecting party, typically by using a variety of social engineering and phishing tactics, into making payments to fraudulent accounts.  

Since 2016, over $43 billion has been lost through BEC/EAC attacks. In 2021, U.S. losses attributed to BEC/EAC cybercrimes were reported to be almost $2.4 billion. This is more than one-third of the total cost of all cybercrimes reported to the IC3 in 2021. In a recent article from Security Magazine, the author noted that email cyberattacks have increased by 48% in just the first half of 2022. It is no surprise that the title insurance industry has been the target of fraud schemes for many years, especially with wire transfers being utilized more often.

Some common schemes we continue to see include:

  • Seller Spoof – fraudsters impersonate the seller (using an email address that may only be slightly different from the original, or using the actual seller’s email), and provide alternate bank account information for the seller proceeds.
  • Lender Spoof – in a transaction involving the payoff of a prior lender, fraudsters impersonate the prior lender. They often modify the original payoff provided by the prior lender (or create one) with wiring instructions for a fraudulent account.
  • Buyer Beware – fraudsters pose as the settlement or real estate agent using a similar email address, and instruct the buyer to wire their down payment funds to a fraudulent bank account.

There are many ways to protect a person or a business from becoming a victim of these costly schemes. A few tips include:

  • Meticulously examine the email address, URL, and spelling used in any correspondence. Fraudsters use only slight differences hoping you do not critically analyze the spelling.
  • Be suspicious about opening any email attachments from someone you don’t know and be wary of email attachments forwarded to you as they may include malware or other malicious software.
  • View all changes to wire instruction with extreme caution.
  • Always independently verify with the company any payments or wires being sent to a third-party by contacting them at a legitimate number, and be leery of any last-minute changes to account numbers or payment procedures.
  • Confirm with the intended recipient that the wire was received.
  • Be extremely suspicious if the requestor is pressuring you to act quickly.
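
The address checks in the FBI recommendations and in the tips above (slightly different sender addresses, misspelled domains, a sender address that does not match who the message claims to be from) can be partly automated at the mail gateway or in a review script. The following is an added example, not part of the original posts: the allow-list, the function names, the confusable-character set and the distance threshold are assumptions, and all sample addresses are constructed.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of the known parties to one transaction.
TRUSTED_DOMAINS = {"example-title.com", "firstlender.example"}

# Visually confusable sequences folded to one form before comparing (assumed set).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Fold look-alike characters so 'examp1e' and 'example' compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_trusted_domain_or_None) for a From header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    # Non-ASCII or punycode labels can hide homoglyphs; send to manual review.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return ("idn-review", None)
    # Display name shows a trusted domain while the real address is elsewhere.
    for good in sorted(trusted):
        if good in display.lower():
            return ("display-name-spoof", good)
    # Near-miss spelling of a trusted domain (typo, swap, confusable character).
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed From header values
        "Jane Seller <jane@example-title.com>",
        "Jane Seller <jane@examp1e-title.com>",
        "Payoff Dept <payoffs@firstlendr.example>",
        '"closings@example-title.com" <wire.desk@mailbox.example>',
    ]
    for header in samples:
        print(classify_sender(header), header)
```

A "trusted" verdict only means the domain matches the allow-list. The Seller Spoof scheme can also use the actual seller's email account, so the independent call-back verification in the tips above still applies to every change in wire instructions.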

If you do become a victim, do not wait to take the next steps since time is critical in this process. Have a plan in place and be prepared to:

  • Notify your office management.
  • Notify your financial institution and the recipient’s financial institution.  
  • Contact local law enforcement.
  • Contact your local FBI field office.
  • Contact your cyber-insurance, escrow security bond, and error and omissions provider.
  • File a complaint with Internet Crime Complaint Center (IC3).
  • Contact your title underwriter.

With our increased dependency on technology and the pace of our industry, we cannot let down our guard – we must stay vigilant! Heed the warning that fraudsters are not slowing down or giving up on these fraudulent schemes. If you are presented with any of these situations, the key is to be able to recognize the scam and then shut it down before it can infiltrate your transaction and create a web of issues.

You can learn more about identifying and preventing fraud by downloading Alliant National’s white paper – Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips.

Resources:

Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips, Alliant National Title Insurance Company

Email cyberattacks increased 48% in first half of 2022, Security Magazine: https://www.securitymagazine.com/articles/98145-email-cyberattacks-increased-48-in-first-half-of-2022

FBI – Business Email Compromise: https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise

FBI – Internet Crime Complaint Center (IC3): https://www.ic3.gov/
