Posts Tagged ‘fraud’

CISA 2024 cybersecurity awareness month photo

What Title Agencies Should Know This Cybersecurity Awareness Month

Use this year’s spooky season to assess your strategies and ward off the specter of cybercrime.

For many people, October is associated with ghosts, goblins, tricks and treats. But for those involved in IT, it represents something equally scary: the unpredictable cybersecurity landscape facing businesses today. You see, October is Cybersecurity Awareness Month, and it’s the perfect time for title agencies to reassess their digital defense strategy. Let’s review some top priorities and best practices to ensure your strategy is working as efficiently as possible.

The undeniable importance of cybersecurity in title insurance

Title agencies are no strangers to handling large amounts of sensitive and personal information, as collecting and transmitting data is key to any successful real estate transaction. However, it can be challenging to know which aspect of your security to focus on, especially with so much information out there about threats, breaches, and solutions. Cutting through this noise requires a careful strategy that aligns with your agency’s specific needs, goals, and risks. For title agencies, this means focusing on solutions that protect sensitive client information, prevent wire fraud and ensure compliance. Let’s dive deeper into how you can ensure you achieve each of these priorities.

Investing in data protection

Achieving comprehensive data protection means examining and securing potential attack vectors. Let’s take email as an example. Email is one of the top ways in which cyber criminals exploit a business’s defenses and breach critical systems, especially in the real estate industry. Techniques like multi-factor authentication, encryption, mail filters and domain-based message authentication are all non-negotiable if you want to keep your people and agency safe. But that’s just the tip of the iceberg. One of the main ways that attackers harm businesses is through human error, which means that any technology solutions you implement must also be paired with security awareness training. These programs are invaluable for training team members on how they can spot suspicious or dangerous email activity and take action to keep systems and data safe.

Protect against wire fraud

Easily one of the most well-known cyberthreats to title agencies is the scourge of wire fraud. Fraudsters frequently target transactions by intercepting wire instructions and diverting funds into their accounts, often with devastating consequences for both title agents and consumers. While encrypted communication channels and stringent verification methods — such as multi-factor authentication and verbal confirmations — are critical to combating this threat, comprehensive verification solutions are equally essential. SecureMyTransaction, developed by Alliant National, is one such solution. It helps agents verify transaction participants and performs both bank account and business verifications. By integrating solutions like this alongside educating clients on best practices, you can significantly reduce the risk of human error and safeguard your transactions.

Don’t forget compliance

Closely connected to agency security is the issue of regulatory compliance. Agencies are subject to many industry standards and requirements. You must always be mindful of whether your cybersecurity strategies are in alignment with these obligations. Routine audits of your security practices and activities can provide greater visibility and ensure ongoing compliance, which is essential to avoiding fines. I can’t stress enough how important it is to be proactive rather than reactive with this aspect of your security. Your company’s very reputation hinges on it!

Stay safe during Cybersecurity Awareness Month and beyond

When October comes around each year, there is always a lot to look forward to. The weather is cooler, the air crisper. Jack-o’-lanterns begin showing up on doorsteps. And everywhere leaves are bursting into color. While digging into your cybersecurity strategy may not sound as fun, October’s Cybersecurity Awareness Month is a great moment to stop, reflect and recalibrate for a successful year ahead. By taking a hard look at how your agency is handling data protection, wire fraud and regulatory compliance, you can reduce your risk and move into the final stages of the year with greater confidence in your agency’s security. You may still have ghosts, goblins and even mischievous trick-or-treaters to deal with, but at the very least, you’ll know you’ve taken steps to keep cybercriminals at bay.

Crime watch program graphic featuring. Asbury Land Title

Trust And Verify To Stop Fraud

How a small agency deals with the big problem of fraud.

As a small, three-person office, Asbury Land Title is no stranger to collaborating on difficult challenges. “We all work together in getting things done,” said Jessica Taylor, Closing Officer at Asbury Land Title. The agency’s employees are also no strangers to trusting each other’s intuition. When someone has a “gut feeling” that a transaction may not be entirely legitimate, for instance, the entire team pitches in to conduct necessary research and follow-up.

This potent mixture of collaboration and intuition proved instrumental when Asbury Land Title recently was confronted with a fraudulent transaction. They successfully stopped the bogus deal and earned recognition from Alliant National’s Crime Watch Program.

Trusting your gut

In the beginning, nothing appeared amiss with the transaction. “It was a single-family home in a nice neighborhood,” said Taylor. But as with many illegitimate transactions, it didn’t take long for red flags to emerge. The first warning sign was the buyer’s address, which was in Canada. Then, there was the issue of earnest money, which was much higher than the normal range. Finally, the transaction order itself raised concerns, such as the signatures and dates appearing in different fonts. These details were more than enough for Taylor to intuit that greater scrutiny was warranted. 

Sleuthing out the truth

After deeming the transaction suspect, Taylor began collaborating with the rest of her team to verify whether it was truly fraudulent or not. They looked up the buyer’s address on Google Earth, which returned what appeared to be a restaurant. Reviewing the result, the team thought there might be “an apartment above the restaurant but couldn’t be sure.” Spotting a REMAX office on the same street, they thought about contacting the business to see if they could verify whether it was indeed an apartment above the restaurant and to potentially “make contact with the buyer in person.” However, before they could reach out, new information emerged about the seller.

Stopping the “seller”

While hunting down information on the buyer, Taylor was also simultaneously working to verify the seller. “I had originally found the property on a ‘for sale by owner’ website and had sent a message to the seller asking them to please contact us.” She also noticed that information about the seller’s wife was missing. Additional research revealed that the seller’s wife’s mother had passed away recently, which gave Asbury Land Title another lead to pursue. They called the funeral home, which eventually put them in touch with the actual seller and allowed them to terminate the transaction.

An emotional journey

This transaction had a positive resolution, in addition to a few lessons applicable to anyone working in title insurance. First, finding the truth required Taylor and the Asbury Land Title team to trust their instincts and leave no stone unturned while conducting additional research into the transaction.

The story also highlights the emotional impact agents can make when they take all necessary steps to protect their transactions from fraud. As Taylor explained: “The seller was grateful to us for tracking him down. And I was excited as well. It was like solving a puzzle. Once that final piece was found, we were able to glue it together.”

Having that type of effect at your work is a rare thing indeed. While stopping fraud can be challenging and require additional effort, the payoff at the end of the day makes it work well worth doing.

Would you like to learn more about the Alliant National Crime Watch Program or submit your own experience for consideration? Find out more here.

SMT header with ALTA Elite Provider Badge

SecureMyTransaction is now an ALTA Elite Provider and includes new features to promote business growth

It’s hard to believe that it has already been one year since Alliant National and our technology partners launched SecureMyTransaction in response to the urgent need for robust, scalable fraud prevention and identity verification tools. Over the last year, many of you have provided feedback on our service, and I am humbled by the stories I’ve heard about how SecureMyTransaction has helped defend against fraud. Seller impersonation, vacant property fraud, wire fraud, and deed and document forgeries are deeply damaging to our industry and the consumers we serve, and I sincerely thank you for your valuable input.

Thanks in large part to your help and support, I am proud to share two significant updates regarding SecureMyTransaction.

First, the American Land Title Association (ALTA) has announced today that SecureMyTransaction has achieved ALTA Elite Provider status. As part of that process, SMT was rigorously vetted as a provider and received recommendations from ALTA members. This designation is an important milestone and affirms SMT’s effectiveness in helping agents respond to increasingly sophisticated fraud schemes.

Second, we’re excited to announce that this week, SMT is being updated to include new features allowing you to customize the user experience with your branding, the branding of your real estate partners, and even lenders. This includes incorporating your logos, contact information, and messaging for a seamless, integrated ID verification experience that reflects your unique business style. With this added ability to customize the platform, SMT not only offers protection but also supports brand visibility and business growth.

We remain committed to growing and enhancing SecureMyTransaction, and your feedback will guide our efforts. You can also follow updates at SecureMyTransaction.com.

If you have thoughts or questions about SecureMyTransaction, please reach out to me or any member of our team.

David Sinclair, President & CEO for Alliant National signature block
Two women, Lisa Yates from Alliant National and Nikki Vantilburg from Manatee Title, smile while holding a white envelope. The top portion displays the text "Crime Watch Program" against a blue background with subtle imagery, while the bottom right section shows their names on a blue background with shooting stars graphic.

Manatee Title: Keeping a Close Eye on Fraud

Fighting fraud with technology and human tenacity

In the title industry, few transactions raise eyebrows faster than vacant land. These deals are highly susceptible to fraud, which made Manatee Title Closing Officer Nikki Vantilburg understandably cautious when a recent vacant land transaction landed on her desk. Noticing obvious warning signs about the transaction right off the bat, Nikki decided to investigate further and deploy Alliant National’s new fraud detection tool, SecureMyTransaction, as an additional safeguard. By taking these steps, she confirmed her suspicions, prevented loss and ended up being recognized by Alliant National’s crime watch program. Her example shows how combining human tenacity with technology leads to safer, more successful transactions.

A common problem

Vacant land transactions are far from uncommon in the title industry. “We get a lot of them in Citrus County,” said Vantilburg. But familiar never means free from risk. Title professionals must often apply greater scrutiny to vacant land deals than they might to other transaction types, as they often have characteristics that make them targets for fraudsters, like:  

  • Absentee owners
  • Dense ownership histories
  • Complex zoning requirements; and
  • Lack of a clear title

As an experienced agent, Vantilburg is well-versed in the risks involved with processing vacant land transactions. That’s why she took particular care when examining a recent vacant lot transaction that was located not far from Manatee Title’s Florida offices.

Checking and double checking the data

The first thing Vantilburg did after opening her investigation was to double check the transaction’s information by utilizing tools and information provided by Alliant National. “We had gotten some literature and tips from Alliant National a while back, [saying to] check if there’s a [listing] agent involved and see [if] they have met the seller in person,” said Vantilburg. Connecting with the agent did little to allay her concerns, however, as they had never met the purported seller. Further digging yielded fresh red flags. These included tax documents that showed that the seller’s location was in Ontario and an ID with inconsistent fonts throughout the document.

Multiple layers of proof

Reviewing these warning signs, the Manatee Title team concluded that they likely could not move forward, and instead, would work to establish “multiple layers of proof” that the transaction was indeed fraudulent. To accomplish this, Vantilburg turned to Alliant National’s new fraud prevention and identity verification tool, SecureMyTransaction. She quickly set up the file and sent out the link to the “seller.”

“I didn’t hear anything for over 24 hours,” she said. “He then finally answers me and says, ‘You know, well, I’ve had a security compromise with my computer. So unfortunately, I can’t click on any links because it crashed my computer.’ He then sent me the same ID that he had sent to the listing agent – you know, the fake ID.”

The final straw

After taking all these steps, Vantilburg had a final card to play to establish that the transaction was fraudulent. During her initial research before deploying SecureMyTransaction, she found the obituary of the seller’s wife, which listed that she had been deceased since 2017. After the “seller” refused to engage with SecureMyTransaction and offered to send his ID instead, Vantilburg casually asked him if he and his wife would be signing the transaction documents together. He responded that they would – proving that he was a fraudster operating in bad faith. This was all Vantilburg needed to conclude her investigation, deem the transaction fraudulent and notify relevant parties.

Using all available means to defeat fraudsters

Manatee Title’s handling of this transaction serves as an informative blueprint for responding to endemic fraud within the title industry. Vantilburg’s savvy research skills provided evidence that the transaction was likely illegitimate. The seller’s unwillingness to cooperate with the agency’s fraud detection tool furthered these suspicions.

All in all, the experience showed how combining technology and old-fashioned human tenacity is a formidable way to beat fraudsters at their own game. Reflecting, Vantilburg echoed these sentiments: “Make sure the person you’re working with is doing what they are supposed to be doing. And sign up for SecureMyTransaction. If they aren’t willing to cooperate with the tool and with your efforts to secure the process, that’s a pretty big indication that there might be a problem.”

Are you an Alliant National agent who has detected a fraudulent transaction in your work? Learn more about the Alliant National crime watch program. And if you’d like to get started with SecureMyTransaction in your agency, you can learn more about the product here.

Data Breach Prep: Maryland

When a data breach occurs, it’s an intense, frightening moment. Who you ‘gonna call? Ghostbusters aren’t the ones for this job, so the best way to make the specter of a breach less scary is to have an incident response plan in place; to know what your legal and regulatory requirements are; and to have the contact information that you need close at hand.

While this new series of blogs is not intended to provide legal advice, it is intended to provide you with recommendations for resources that may be useful; to increase awareness regarding notification and reporting requirements; and to provide helpful notification contact information, unique to each state. In each issue, we will present you with contact information regarding a different state in which Alliant National is licensed, and in which you may be its appointed agent. It is up to you to make sure that you know when to use these contacts – either because you are legally required to do so, or because you have optionally decided to provide notification. Lastly, for our legal disclaimers, we’ve made our best efforts to acquire the correct and current contact information, but we can make no guarantees as to its accuracy or that the information will not change over time.

Understanding State Reporting Responsibilities

There are two kinds of laws that impact your reporting responsibilities: (1) state data breach notification laws that generally apply to all entities who “own” data, and (2) insurance data security laws that apply to those who are regulated for doing the business of insurance. A great summary of the state data breach notification laws is published quarterly by the law firm of Foley & Lardner. Another useful resource for tracking both the state data breach notification laws and the insurance data security laws is a tool published by the law firm of Lewis & Brisbois

Now that we’ve discussed both the general and insurance data breach notification laws, please be aware that sometimes notification requirements derive from other sources, including statutes which are not labeled as Insurance Data Security Laws (or which don’t even fall under the category of such laws), and bulletins issued by insurance regulators.

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

  • Notification to affected state residents without unreasonable delay.
  • Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.

The variances are quite considerable and include (but are not limited to) how (e.g. by what method) to give notice, permitted delays when a law enforcement agency investigation is pending, timing of the notice, what particular information is required to be provided, and record retention.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

Common Notification Requirements

Insurance Data Security Laws also vary from state to state and may have some exemptions that apply to you (typically based upon the size of the licensee, its year-end total assets, and its gross annual revenue), so, again, be sure to check your state’s specific requirements. However, these laws generally include the following common notification components:

  • Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
  • Notification to affected state residents without unreasonable delay.
    • But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
  • Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
    *(for Alliant National Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

MARYLAND NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION  

Contact Information Pursuant to State Data Breach Notification Laws
Md. Code Com. Law § 14-3501 et seq., Maryland
Personal Information Protection Act. *(Md. Code Com. Law § 14-3504 and § 14-3506 are the notification/reporting sections).

Prior to giving the individual
notification required under the law, provide notice of a breach to the attorney
general:

*Attorney General notification requirements are disclosed on
website at https://www.marylandattorneygeneral.gov/Pages/IdentityTheft/businessGL.aspx;
send notice to the OAG by one of the following methods: (1) By Mail: Office of
Attorney General, Attn: Security Breach Notification, 200 St. Paul Place,
Baltimore, MD  2101; (2) By Fax: Attn:
Security Breach Notification, (410) 576-6566; (3) By Email: Idtheft@oag.stat.md.us.

When breach affects > 1,000
residents, notify:

*Consumer Reporting Agencies
Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):
Md. Ins. Code § 33-101, et.
seq., Insurance Data Security Law, with MIA Bulletin 22-13.  *(Md. Ins.
Code § 33-105 is the notification/reporting section).

Notify:
* Access Maryland Cybersecurity Event Initial
Notification Form at https://marylandinsurance.jotform.com/222405158165048

Let's Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM