Among many cyber risks consumers and online companies are faced with, wire transfer fraud is rapidly increasing. It is a liability threat for your business if you accept payment of funds by wire transfer. Some simple things you can do to prevent these attacks include:
· Accepting multiple forms of payment, such as cash, personal checks, money orders, and payment by phone from a verified phone number
· Putting warnings on websites and email communications
· Ensuring your communications are secure
· Sending notices to consumers and partners that wire instructions will not change during a transaction, unless they are contacted by phone from a company number they recognize
· Calling clients on a known number to verify wire instructions prior to processing transaction
· Verifying the account holder’s information with the receiving bank before processing a wire transfer
Another protection to consider is comprehensive Cyber Risk Insurance (aka: Data Breach Coverage, Privacy Coverage, and Network Security Coverage). Most basic Cyber Risk Insurance policies don’t cover consumer phishing fraud, a variation of social engineering fraud, so consider a comprehensive policy.
The way these criminals typically operate is by phishing to gain access to email accounts, then monitoring emails to find details for a planned transaction. They then send fake emails to consumers. They require money transfers to their personal accounts in disguise as the intended recipient- your company. Real estate is a prime target, as large sums of money in few transactions are involved. Hackers deceive buyers into believing they are their real estate agent, attorney, or title company, in charge of receiving, holding, and transferring real estate transaction funds. They send instructions for transfer of a down payment and wait to receive the money in their account. The real company never receives the fund and doesn’t incur a loss. The client is the person who has been deceived and lost the money. If the client’s email was the breached account, the question of liability would be unclear, and an expensive lawsuit may be involved. If the company’s email has been breached, however, the client could justifiably appoint liability on the company’s part.
A variety of Cyber Risks Insurance policies are available to companies accepting payment online, but their coverage varies and has different stipulations and provisions. It is important that you do the research to ensure you are compensated as much as possible if you are concerned about wire transfer fraud. Also consider E&O insurance (Errors and Omissions) when speaking to one of our agents about your coverage options. We will discuss this type of insurance in a future blog, so stay tuned!