Friday, June 24, 2016

With the growth of wire-transfer fraud schemes, it seems only fitting that banks would take steps to protect their customers from the frighteningly agile and adaptive hackers who prey on them.

According to Reuters, Los Angeles-based Grandpoint Bank appears to be the first bank to offer an insurance policy to its business customers to protect them from losses in wire transfer scams. The policy is underwritten by Hiscox Inc., and costs $30 to $70 per month for up to $1 million in coverage.

It’s always important to read policy terms and exclusions carefully, but it’s doubly important with any cyber-related policy. That’s because the policies are not standardized and variations abound. In addition, many businesses are tempted to overstate their internal security protocols when obtaining insurance, only to have that come back and bite them when it’s time to make a claim.

Most hacks are at least partly due to human error, and wire transfer schemes are all but impossible to carry out without one or more internal employees being duped by hackers. So Grandpoint customers considering purchasing one of their wire fraud transfer insurance policies should definitely read the fine print to make sure the policy doesn’t exclude unintentional acts by employees.

In a typical wire transfer scheme (also known as “business email compromise”), fraudsters pose as executives or vendors from a business, using nearly identical email addresses to the legitimate executive or vendor, and request money transfers to accounts controlled by criminals.

According to the FBI, such scams have amounted to about $3 billion in losses since late 2013. Although 79 countries have been identified as the origin of the schemes, most of them involve requests to transfer funds to banks in Hong Kong and China. The fraudulent requests have been successful about 25 percent of the time, so it’s clearly a profitable venture (although one hopes that heightened awareness of the frauds will lower that success rate dramatically).

Even with insurance, it’s still preferable to avoid becoming a victim in the first place. The FBI offers these tips to avoid wire transfer fraud:

  • Verify changes in vendor payment location and confirm requests for transfer of funds.
  • Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
  • Be careful when posting financial and personnel information to social media and company websites.
  • Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider financial security procedures that include a two-step verification process for wire transfer payments.
  • Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
  • If possible, register all Internet domains that are slightly different than the actual company domain.
  • Know the habits of your customers, including the reason, detail and amount of payments. Beware of any significant changes.

Click here to receive our firm’s e-newsletter, which includes updates on insurance law and other news important to business policyholders.