The Bank for International Settlements (BIS) indicates the global payments infrastructure around the world is built on a complex linkage of domestic and cross-border payment systems that each has a multitude of regulators overseeing the functioning of their individual networks. Millions and millions of international wire transfers go through this financial web each and every day. To avoid issues, knowing best practices is one way community bankers can leverage this opportunity, while keeping things secure for the bank and its customers.
International transactions are similar to cars on a freeway. There are literally millions of them speeding around relatively uneventfully. But, every once and a while, accidents can happen. One such accident did happen at a bank recently, and like many other banks, this one allowed and executed international wire transfers using email.
Here is how it all went down. A client emailed the bank wire instructions. The bank then confirmed the request via phone and after doing so sent the money to the account indicated on the email. This bank has been doing it this way for years.
This time however and unknown to the bank, crooks had already hacked the bank's emails. Through this breach, fraudulent instructions had been sent from inactive account holders. As protocol, this bank called the account holder to confirm the transfer. However, instead of using the contact number on file as was their procedure, they instead called the phone number noted in the email as they had been instructed to do. You see, the email indicated that this account holder was unfortunately out of the country and therefore not available on any other contact numbers, so the bank should call the one indicated.
This may sound like something that is easy to catch, but here is where community bankers have a huge blind spot. After all, community banks are all about providing exceptional customer service and do so quite routinely. Talking to insurance experts in this area and community bankers themselves, we alert you because this happens more than it should. Following procedures is critical to executing properly and we have heard hundreds of scary stories of near-misses too, so be thorough and train frequently when it comes to money movement.
Consider that in this instance, the thieves were not only smart enough to use inactive accounts (so that the account owners wouldn't notice until it was too late), but also to add urgency to the request (so the teller felt stressed to perform), hacked into systems and used some pretty sophisticated but easy to execute methods to get around protections.
So, how could this have been avoided? First, always confirm the wire request with the contact number on file. If your client is in fact not available at that number, they should have notified you in advance. Even if they didn't they should still be happy with your diligence. Next, having a second layer of security is also encouraged to avoid this situation. If you have your wire transfer customers use a security question or PIN in addition to an email, that could help prevent unauthorized transfers too. Third, it is not a bad idea to review inactive accounts on a regular basis to be aware of any strange or questionable activity. Of course, it is always a good idea to encourage clients to set up activity alerts on their end as well, so that they can see when transactions occur and be promptly notified.
This cautionary tale shouldn't dissuade you from assisting your clients with domestic or international transfers, as they are part and parcel of business banking these days. Instead, take steps to protect your bank by training your team thoroughly and repeatedly, sharing stories of things you hear, bringing in your insurance expert to tell you what the carriers are seeing in this area and staying extra vigilant when it comes to moving customer money. If you need a partner in this endeavor to help, give us a call and we can provide you with even more tips to help protect your bank. Our team of international wire experts is standing by to help guide and advise your team all along the road, as you safely drive to your next destination.