Posts Tagged ‘escrow fraud’

email threat

Title Industry’s Cyber, Escrow Fraud Preparedness Needs Improvement

A national survey of title agents conducted by the American Land Title Association shows that our industry has farther to go when it comes to formalizing cyber and escrow security plans.

Results of the survey also hint that the threat landscape is becoming increasingly perilous for title agents, consumers and others involved in real estate transactions.

Of the survey’s more than 750 respondents, 63 percent said the number of cybercrime attempts targeting their company increased between 2017 and 2018. Roughly one-third of respondents also observed increases in fraud attempts targeting buyers, sellers and real estate agents over the same period.

Many title agencies have sought to combat the worsening cyber and escrow fraud threat by means of employee awareness.

More than half of respondents said their company reminds employees about the need to remain vigilant on about a weekly basis. More than 25 percent said those employee reminders are made on a monthly basis.

However, more than 20 percent of respondents reported that their company offers no training at all on cybercrime trends or red flags.

More troubling, however, is that despite the apparent increase in fraud attempts, just 62 percent of respondents said their company has a written cybercrime response plan.

Additionally, more than 40 percent of agents were not aware of or have not implemented ALTA’s Rapid Response Plan for Wire Transfer Fraud.

Smaller agencies — those with gross annual income below $1 million — were also somewhat less likely to have formal cyber response plans, wire retrieval plans or training programs than were larger agencies.

Survey results also show that cybercrime insurance coverage among title agents of all sizes is not as prevalent as one might expect given the apparent increase in fraud attempts. More than 27 percent of respondents said their company does not currently have a cybercrime insurance policy.

While most industry participants have made strides when it comes to protecting escrow funds and sensitive information, the survey clearly shows that gaps remain.

The survey also provides an opportunity for all of us to redouble our efforts, particularly when it comes to formalizing cyber response plans.

To help, we’ll be posting a blog series in the coming weeks that will provide simple, actionable tips for improving and formalizing response plans, as well as plans for wire retrieval and staff training.

We’ll also talk about the importance of cyber insurance and provide insight on how to get the right coverages for your business.

In the meantime, check out the growing library of cyber fraud resources on the Alliant National Education page. Alliant National agents can also watch our brand new Texas Continuing Education webinar on information and escrow security.

Are you covered

Cyber Insurance: Yes, you absolutely need it.

Cyber insurance is now critical to help protect your business.

Cyber attacks are becoming more frequent, clever and complex. Cyber insurance is now critical to help protect your business from major expenses, business loss, and regulatory fines and penalties.

General liability umbrella policies typically do not cover cyber events (Target’s insurance policy only covered 36 percent of its $252 million data breach costs).

This insurance comes in many different variations and costs, so it is important to know what product works best for you, considering and balancing coverage and cost.

Four key elements comprise essential coverage to protect against data breach and loss of customer data:

  • E&O
  • Liability
  • Network Security
  • Privacy

What is most important is that both cyber-crimes and liability are included in your coverage.

The policy may be a standalone, or a rider on to your existing policy. Always buy the most compressive coverage available that you can afford.

Here is why that is so important:

Broad coverage includes both first and third-party coverage. First party only covers your business, while third party will cover the claims against you from customers or clients as well as related damages and court costs.

The below comparisons show why you need both cyber-crimes and cyber liability coverage:

Event Liability Coverage Crime Coverage
Loss of funds (escrow and operational, personal) due to social engineering and electronic fraud or theft No Yes
Fraudulent electronic transfer or divergence of funds No Yes
Employee electronic theft No Yes
Forgery No Yes
Cyber extortion (ransomware) No Yes
Data breach expenses including legal costs, fines or penalties Yes No
Loss of assets and loss of business income Yes No
Recovery of systems and forensics; reputational damages Yes No
Economic damages through network security failure or failure of privacy controls Yes No

Consult with your insurance carrier for specific coverage offerings and cost and weigh the decision that is right for your business and budget. Remember, the broadest form of coverage will best protect you and your business so while it may be more expensive, your business will be better protected against the risks we face in today’s business environment.

hands clasping together

Partners in Wire-Fraud Protection: The Escrow Account Holder and the Bank

Wire fraud is a HUGE problem that only keeps getting bigger and bigger.

In fact, U.S. Representative Randy Hultgren (R-III) wrote a letter to Fed Chairman Jerome Powell on June 29th urging the Fed to be more proactive in regard to wire fraud and real estate transactions. The letter referenced the United Kingdom’s system of matching payees’ names as a possible solution to the problem of wire fraud.

However, we don’t have to wait until a federal law is passed that orders banks to match the payee name on the wire transfer payment to name on the payee’s destination bank account (“Beneficiary Bank”).

As title and escrow agents, we can be proactive and in partnership with the banks with which we do business.

So, what can we do right now?

First, we can know what our Agreement with our Escrow Account Bank says.

Does your Bank Agreement say that your bank will check the payee’s name with the name on the destination account when a wire fund transfer is initiated?

Or, does it say your bank need only rely upon the account number it was provided in the wiring instructions order? The answers to these questions might lead to an opportunity to have a discussion with your partnering Receiving Bank.

We can also send the wire instructions on the payment order, with explicit directions that acceptance be restricted to match the designated payee’s name on the Beneficiary Bank account. If it doesn’t match, then do not send the funds.

Lastly, if something does go wrong despite our best efforts and precautions, then notify both the Beneficiary Bank and the Receiving Bank as soon as possible. Typically, banks require notification of an unauthorized transfer or error within a defined time period such as, for example, thirty or sixty days.

Aside from any contractual or legal requirement for early notification, the sooner the problem is communicated, the greater the odds of the bank being able to halt or pull back the wire funds transfer.

For a great explanation of how a wire fund transfer works behind the scenes, view “Funds Transfer Law and Unauthorized Payment Liability.”

Embracing What If: When wire fraud happens

Really, that statement is about getting us to seriously consider the “what if.” For instance, “what if I suffered a data breach;” or, “what if, despite my best efforts, a criminal somehow managed to divert a wire to a fraudulent account?” Thinking about the “what if” is uncomfortable, particularly when it comes to wire fraud. We spend most of our time and effort figuring out how to avoid the “what if” scenario. The thing is, when it comes to attempted wire fraud, experience tells us that title agents who’ve spent time planning for “what if” are the ones who tend to get the money back.
data security

Don’t even hover your cursor over unknown or unverified links to stay safe from wire fraud

The title and settlement industry is blessed with great people, and that makes sense because our industry is built on being helpful.

We all want a smooth, efficient transaction for everyone involved. Unfortunately, our desire to be helpful and to keep things moving makes us a prime target for wire fraud.

So, how careful do we need to be when verifying the legitimacy of an email or even an incoming phone call?

Very careful.

Fraudsters know about us. They know how busy we can be, and they know how to prey on our traits to overcome our data and escrow security training.

They aren’t just looking to trick us. They aren’t practical jokers. They are truly insidious “social engineers.”

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM