Wire fraud is one of the most common cyberattacks afflicting companies of all shape and sizes, particularly financial institutions.
When talking about the matter, it’s important to note that since banks make extensive use of electronic communication that can allow individuals to interpret fraudulent actors as legitimate entities and cause funds or sensitive information to be transferred into the wrong hands, it’s critical the financial organization implement techniques to ensure they have the proper controls in place.
Authentication Procedures
A bank can perform vendor verification, specifically callbacks on predetermined numbers, to authenticate wire requests. A phone call to a customer’s number that’s on file is one proactive method. But individuals who try to initiate fraud can easily take over customers’ emails and phone numbers, so bank employees must complete due diligence and verify that any phone number associated with a customer is accurate.
Multifactor Authentication (MFA) is a method of identity verification that requires three components to be successful, typically a password, a phone number and the customer’s face or fingerprint. This method adds an important additional layer of security for both the bank and its customers. With passwords, emails and phone numbers becoming increasingly easy to hack, adding an extra step to the login process can make it more difficult for unauthorized users to access their target. MFAs are versatile, too; they can add the extra step when customers login to a mobile device, database network or physical location.
When enabling an MFA, the customer is prompted to enter a username, password and a second factor. Most banks offer password-less authentication. The second factor could be a code that’s sent to the customer’s phone via text or through an app like Google Authenticator, which generates a one-time code that’s only valid for a few seconds, making it largely impossible for an actor to hack an account since they can’t ascertain the correct code in time. Implementing facial recognition is an additional method that can block a potential hacker.
Monitoring Systems
Banks can deploy advanced monitoring systems to detect suspicious activity and unusual transaction patterns in real time. This allows them to intervene promptly and mitigate any associated potential risks or losses. Monitoring/tracking systems ensure that payments are made to the right place every time and will detect any unusual activity or potential fraud.
Employee Training
No matter how robust a bank’s fraud tools, employees are the most important component in making sure they work correctly. Human error accounts for most data breaches and initiation of fraud, so it’s vital that all employees are well-trained with comprehensive programs that can educate bank staff on fraud and the red flags associated with wire fraud schemes. Proper training can emphasize the importance of following security protocols and the repercussions if not followed.
Customer Education
Customers can also be a key factor in the fight against wire fraud. Ensuring that the institution provides ongoing updates about potential threats and risks are essential for a bank’s risk management process. Customers should be educated on security measures like MFA, for instance. Also, informing customers of who to contact or what to look out for when it pertains to fraud can help mitigate associated risks.
Regulatory Changes
Fostering practices that keep employees and management up-to-date on banking regulations, the latest emerging threats and the best protection against wire fraud is paramount.
Banks with a designated compliance team can proactively monitor and interpret relevant regulatory changes and review updates generated by the Financial Crimes Enforcement Network and the Federal Financial Institutions Examination Council. Keeping up-to-date on these components can help the bank determine if any updates are needed for policies and procedures to better prepare for potential fraudsters, including those in the areas of:
- Risk Assessment – A wire fraud risk assessment that includes factors like customer profiles, transaction activity, locations and emerging threats can be put into place to identify, assess and mitigate risks.
- Customer Due Diligence Questionnaires (CDD) – Implementing due diligence questionnaires for customers who exhibit high risk and unusual activity is a great way to mitigate potential wire fraud risks. CDD procedures allow a bank to verify a customer initiating a wire transfer and assess the legitimacy of the transaction. The bank can perform periodic reviews of the questionnaires to ensure accuracy and patterns that take place.
- Information Sharing and Collaboration – Collaborative relationships between financial institutions and industry peers is a great way to better protect customers. Sharing best practices or regulatory guidelines to avoid emerging threats is an effective way to mitigate risk associated with all fraud, especially wire fraud.
Implementing these elements into a financial institution’s policies and procedures can help advance and enhance its ability to detect, prevent and respond to wire fraud. It’s important to ensure the interest of customers while also maintaining compliance with banking regulations and standards.
About Schneider Downs Risk Advisory
Our team of experienced risk advisory professionals focus on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.
Explore our full Risk Advisory Service offerings or contact the team at [email protected]
