The 57-page report provides information on current fraud trends in the mortgage, title and settlement industries and details some of struggles companies face in addressing fraud detection, prevention and customer experience.
In terms of the cost of fraud, research indicates that for every $1 lost in an actual fraud incident, the cost to a title company is $4.19 or four times that of the face amount of the loss. The number rises to $5.34 for originators.
According to the research, the additional cost is related to the labor required for fraud detection, plus the expense of investigation, reporting and recovery following an incident.
For title companies, the biggest cost is labor, with the actual breakout of related costs as follows:
35% attributed to labor costs
21% for detection, investigation and recovery
18% related to fines and legal fees
13% covering fees during application and processing
13% accounting for the face amount of the actual fraud
The actual cost is extraordinary, given that title companies reported a staggering 77% increase in fraud over the past three years. The growth in fraud is attributed in part to COVID, as a substantial portion of both mortgage and settlement services transactions moved to online and mobile-only transactions.
According to the LexisNexis report, although fraud originates largely in online and mobile-only transactions, it often the moves to the call center or phone-based point of interaction, which further adds to the risk, with the growth of remote workers handling these transactions.
For title companies working in the online and mobile transaction world, identity verification is the number one challenge.
“The challenge involves assessing digital identity attributes such as email and phone number,” the report states. “That is contributing to challenges with identifying malicious bots and the ability to determine the source of the transaction. Synthetic identities are a key driver of identity verification challenges, particularly among organizations that do not use fraud solutions that assess digital identities and behaviors.”
LexisNexis noted that the mobile channel especially is contributing to the high volumes in recent years.
“This channel brings device-related risks that are unique from online browser transactions (SIM card swapping, malware, SMS phishing). This allows fraudsters to gain entry through anonymous remote transactions at the very start of the mortgage process.”
Title companies walk a bit of a tightrope, determined to invest in strong fraud prevention, while striving to create a positive customer experience. Customers reportedly get frustrated with the passwords, qualifying questions and multiple identifiers it takes to get through the transaction and have been known to give up and drop out of online and mobile device-related processes out of frustration.
Balancing these two necessities of doing business has been challenging, but title companies that put forth the effort can dramatically reduce their exposure to fraud.
To help our agents assess their efforts, Alliant National released a white paper this year, titled Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips. The white paper provides agents with useful information, risk factors to consider, and practical action steps that will help you partner with consumers, real estate agents and lenders to defend against the fraudsters.
In addition, the LexisNexis report identifies four recommendations agents should consider, including remaining vigilant to increased fraud, increasing the use of technology, creating multi-layered solutions, and integrating cybersecurity and digital customer experience with your fraud processes.
Here are a few highlights from their list of recommendations:
Accelerated movement to online/mobile transactions will continue to grow; therefore, title/settlement companies should continue to buildout and enhance the digital customer experience while protecting against fraud.
Best practice fraud detection and prevention includes a multi-layered solutions approach, and the integration of fraud prevention with cybersecurity operations and the digital customer experience.
Layering in supportive capabilities such as Social Media intelligence and AI/ML further strengthens fraud prevention.
While fraud prevention in the current environment is challenging, the report concludes that “firms which use a multi-layered solutions approach that is integrated with cybersecurity and digital customer experience operations can lower their cost and volume of successful fraud while improving identity verification and fraud detection effectiveness.”
First published in 2017 and fully updated by Alliant National’s Compliance, Risk and Education teams, the paper provides information, tips and suggestions to help you better understand the current threat environment and create a comprehensive plan that addresses the realities we face in our industry.
Time to assess cyberattack risk in light of Ukraine invasion
The paper’s release comes at a critical time as U.S. businesses brace for potential cyber warfare corresponding with recent violence in Europe. The Department of Homeland Security (DHS) issued a bulletin in January warning of the increased risk of cyberattacks in the U.S. as Russia was poised to invade Ukraine.
“We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the agency said in the bulletin released to law enforcement partners and obtained by The Hill.
In response, the American Land Title Association warned in a recent blog that the risk of spillover cyberattacks against non-primary targets could become much more widespread.
2022: Growth of BEC/EAC
Against this backdrop of international tension, Alliant National agents continue to report an increase in attempted wire fraud schemes. These attacks are part of a growing fraud threat targeting businesses of all sizes and the general public.
The FBI refers to this threat as Business Email Compromise/Email Account Compromise (BEC/EAC). BEC/EAC fraudsters focus on organizations that perform wire transfers, making real estate especially vulnerable.
According to the FBI Internet Crime Complaint Center’s (IC3) most recent report, the center received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business Email Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million.
Protect Your Agency
Given the increased incidence of BEC/EAC scams and ransomware attacks over the past several years, it is imperative that prevention be addressed at every level. State and federal entities, as well as most of the top tech companies are creating alliances and workgroups to stem the tide.
Title insurance companies and agents also have a role to play. Given the current nationwide threat, we encourage all agents and their staff to remain on high alert for attempted fraud, particularly when it comes to seller proceeds. We also urge agencies to remain vigilant regarding possible attempts to obtain consumer or employee PII.
Here are some immediate steps to consider:
Identify the risks your agency faces and make sure your systems are protected
Maintain strict policies and procedures for verification of wire instructions
Educate your staff and consumers about what to do when they suspect fraud
Establish protocols to quickly detect fraud and recover diverted funds
Obtain appropriate insurance, including Cyber Liability coverage
Cyber Security is Mission Critical
There is nothing more important than protecting our clients’ funds and personal information. It is mission critical for a title company to make security its highest priority in 2022. You can begin today to assess your systems and educate your staff to make sure every possible precaution has been put into place. We hope our Escrow Fraud/Social Engineering White Paper will be helpful in this work.
In addition to the release of the White Paper, Alliant National will provide updated materials throughout the year to help agents understand and respond to the threat environment we face. Of course, we’re always ready to discuss the threats we are seeing, and steps you might consider for your business. Feel free to reach out to your agency representative, or any member of the Alliant National team.
Amy Gregory has a passion to protect, and when a customer at
Paramount Title was defrauded of $130,000, Amy pulled out all the stops to
track down the funds and then went above and beyond to ensure no customer of
hers would ever fall victim to wire fraud again.
Our story begins with an innocuous email delivered to our
homebyer on June 18, which appeared to come from the lender’s office. The email
informed our buyer that a representative from Paramount Title would call her to
confirm receipt of the funds to close.
Someone called the buyer, but it wasn’t us. A fraudster
named “Jimmy” on the other end of the line confirmed wire instructions for a
specific bank account, with the account name referencing Paramount Title, and
instructed our buyer to send funds in the amount of $130,000.
Our buyer wired the funds.
The following day our buyer checked her account and saw the
wire had been returned to her account. She replied to the email thread with the
fraudster from the previous day asking if she knew what happened and why the
funds were returned.
The fraudster told her the company’s escrow account was
under its annual tax audit and that is why her funds were returned. Then he
gave our buyer new wiring instructions for another bank account. Our buyer
called “Jimmy,” who confirmed the new writing instructions were correct.
Our buyer wired the funds again.
On June 20, our buyer received another email from the
fraudster stating there was an issue with the wire. The fraudster asked our
buyer to call her bank and request a hold be lifted off the wire. Tragically,
our buyer called her bank and obtained the federal reference number for the
The next day a representative from the receiving bank called
to say they flagged her wire transfer and they were not going to release the
funds yet because it looked suspicious.
That’s when our buyer decided to look up the title company. She then called us, the real Paramount Title, and shared her story. Our office confirmed we don’t employ anybody by the name of “Jimmy” – and this was most definitely a case of wire fraud.
This is where Amy swoops into the picture.
Amy was quick to discuss all options for our buyer to report
the crime, including offering to report the issue on her behalf. Amy contacted our
US Secret Service agent (YES, we actually have a US Secret Service agent in our
rolodex to help us in these “special” circumstances), finally reaching him at
10 o’clock at night to discuss the details of the file.
Amy wanted to see if the agent could provide any assistance
on what our buyer could do to get her money back. She conferenced in our buyer,
so she could speak directly with the agent. The agent then offered to call the
“fraudsters” bank and see how they could help.
On June 22, thanks to Amy’s tireless efforts driven by a
passion to protect, the full amount of the wire was returned to our buyer. Our
buyer closed on her home two weeks later.
“I spoke with the client shortly after the ordeal was over,
and she expressed to me how good it felt that someone had her back through the
process,” said Andrea Somers, Compliance Officer for the Florida Agency
Network. “Amy truly goes above and beyond in everything that she does.”
But our story doesn’t end there, because Amy went above and
beyond to ensure no customer of hers would ever fall victim to wire fraud
First, she implemented the website “www.inquirebeforeyouwire.com,”
a message we now we blast everywhere we can. When we receive a new contract, our
customer is informed of this very real threat. When a customer receives an
email from us, they see the Inquire Before You Wire image. It doesn’t matter
how small, or big, the transaction is.
She also implemented additional processes where phone calls
are made to the contacts on each file, to discuss wire fraud, the current fraud
trends being seen in our industry and to lay out exactly how the client will
receive wire instructions.
What’s more, Amy decided to go one step further by achieving
the Certified Anti-Money Laundering Specialist (CAMS) certification. This
achievement demonstrates Amy’s commitment and leadership in protecting our
clients and our industry. Amy feels we have a duty to protect and serve the
Amy’s passion to protect pushes our team to uphold the same
standard of care, to protect and try to prevent tragic situations involving
wire fraud from occurring on our watch again.
Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.
A cyberattack is a malicious and deliberate attempt by and
individual or an organization to breach the information system of another
individual or company, seeking benefit from the disruption, ransom, or theft of
This electronic threat is increasing in frequency and
complexity and has become very expensive to remediate or to recover from.
Here’s the surprise – almost 90 percent of cyberattacks are
caused or allowed by human error from the internal staff of the entity attacked.
This includes failure to follow security rules and
protocols, sharing passwords, using weak or default settings, and falling
victim to social engineering.
Even the large events such as the hacking at Equifax and
Target, were caused by failure to follow the rules regarding administrative
password settings, human error.
So whether your business is large or small, you need ongoing,
strong training and testing to counter the threats.
Recent survey results of a survey of title insurance
professionals by the American Land Title Association show a surprisingly small
amount of agents are conducting ongoing staff training, and most do it once
when they hire an employee.
This is a recipe for eventually becoming a victim of
There are simple yet effective steps to take to counter the
increasing threats by taking a strong defense, and it starts with regular
training and testing to remove or reduce the human error element.
Here is what to do to put a training and test plan into
Ensure new hires are introduced to and educated on information and data security policies and procedures as well as how to protect nonpublic personal information (NPI) and sensitive information. Emphasize to them the “why” so they fully understand the shared responsibility nature. This should be a core part of their orientation and on-boarding.
Set and schedule ongoing training for all employees at every level commensurate with the size of the staff and complexity of your business. This should be monthly, quarterly or semiannually.
At a minimum, cover controls over access (passwords; pass phrases; multi-factor authentication), network and data distribution (including never using non-secured networks for conducting business such as those in cafes/hotels/airports), phishing and spear-phishing, and never use a general email service like Yahoo or Gmail when sending NPI or sensitive information; social media and social engineering.
Require security measures for smart devices (smart phones, and in particular Androids, account for a large percentage of data breaches).
Explain the implications of data loss, which includes reputational hits and potential fines and penalties and law suits.
Focus on all media forms – hardcopy as well as electronic – and include proper handling and protection from receipt through handling to secured destruction.
Training may be done with internal documents or you may use a third party to conduct the training (i.e. Data Shield; KnowBe4).
After the training, use a quiz to gauge how well your employees understood the material.
Develop or use a third party to conduct ongoing, regular internal testing such as phishing or spear phishing testing (i.e. KnowBe4 is one vendor who can provide you this tool). Depending on the results, you may then make appropriate changes and re-focus your training to deal with any weak or weaker topics or areas.
Provide a single point of contact the employee may turn to with questions or to report any suspected suspicious attempts to obtain information or data (electronic or by phone).
Keep records of the training and attendees and testing results. This will be needed to demonstrate good faith, to meet many state requirements – and it’s a best practice.
Last, keep up-to-date on emerging threats and vulnerabilities
and provide updated training to employees to be sure they understand new risks
or new controls and why they are important; employees must know how to
recognize and report threats to stay vigilant.
This will keep your training and testing current and fresh
and serve as a continual reminder to your staff.
Remember, this is a
marathon, not a sprint. Threats are constantly evolving and your training and
testing must also evolve to counter these threats and keep your defense robust.
rising threat, recent survey results show a surprisingly small number of agents
are prepared, as most do not have a written cyber security and response plan.
cyberattack is a malicious and deliberate attempt by and individual or an
organization to breach the information system of another individual or company,
seeking benefit from the disruption, ransom, or theft of data – and such
attacks are increasing in numbers and complexity.
rising threat, recent survey results show a surprisingly small number of agents
are prepared, as most do not have a written cyber security and response plan.
cyber security and response plan is essential to be prepared, organized and to
execute appropriate and prompt actions when an attack occurs.
does not need to be complex. To be effective, it should be simple and clear and
present key information. It should also be built commensurate with the size of
elements of the plan must include:
Perform a risk analysis to mitigate all risks, covering administrative, technical, and physical controls. Simply put, this is what could be vulnerable, what could go wrong and what is or should be done to try to avoid or contain the threat(s).
The cybersecurity program must protect the security and confidentiality of nonpublic information, protect against threats or hazards to the security or integrity of information, and protect against unauthorized access.
Define a schedule for the retention of data and a mechanism for its secure destruction when data is no longer required.
Designate an individual, third party, or affiliate who is responsible for the information security program.
Be sure existing controls in place – access controls, authentication controls, and physical controls to prevent access to nonpublic information. Encryption (or an alternative, equivalent measure) should be in place to secure data stored on portable electronic devices and for data transmitted over an external network.
Identify and manage devices that connect to the network – a simple inventory.
Adopt secure development practices for in-house applications if applicable. Alternatively, obtain this assurance from your service provider that performs the development for you.
Use multi-factor authentication to prevent unauthorized accessing of nonpublic information.
Regularly test and monitor systems for actual and attempted attacks, maintain audit trails, and implement measures to prevent the unauthorized destruction or loss of nonpublic information.
Keep up-to-date on emerging threats and vulnerabilities and provide ongoing training to employees to be sure they understand existing controls and why they are important; employees must know how to recognize and report threats.
response plan must include the following elements to be effective:
Date of the cybersecurity event.
A description of how the information
was exposed, lost, stolen, or breached,
including the specific roles and responsibilities of third-party service
providers, if any.
How the cybersecurity event was
Whether any lost, stolen, or breached
information has been recovered and if so, how this was done.
The identity of the source of the
Whether you filed a police report or
notified any regulatory, governmental or law enforcement agency and, if so,
when such notification was provided and by whom.
A description of the specific types
of information acquired without authorization, which means particular data
elements including, for example, types of financial information, or types of
information allowing identification of the consumer.
Time period during which the
information system was compromised by the cybersecurity event.
The number of total consumers
affected by the cybersecurity event, or a best estimate.
The results of any internal review
identifying a lapse in either automated controls or internal procedures, or
confirming that all automated controls or internal procedures were followed.
A description of efforts being
undertaken to remediate the situation which permitted the cybersecurity event
Don’t wait until an event occurs. It’s a chaotic time full of financial
and emotional high stress. Do it now and provide yourself the peace of knowing
you are prepared.