Funds Transfer Security: Wire Transfers

Author: Eunice Evans

This white paper is part of the Risk Management White Paper Series, which CUNA Mutual Group provides exclusively to its Bond policyholders.

Table of Contents

Background ... 2
Federal Reserve Regulation J and UCC 4A ... 2
Funds Transfer Agreements and Request Forms – Additional Considerations ... 6
Overview of Funds Transfer Coverage Requirements (Pre-October 1, 2010 Version) ... 7
Emerging Fraud Issues ... 9
Loss Controls ... 11
System Intrusions ... 12
Policies, Procedures and Training ... 13
Risk Matrix ... 14

CUNA Mutual Group | Funds Transfer Security | June 2011

Background

This summary provides a detailed overview of funds transfer security procedures as they relate to the Funds Transfer coverage under the Bond. Funds transfers can take many forms, but for the purpose of this summary, the term “funds transfer” refers to wires, ACH and member-to-member transfers that are requested by telephone, fax, e-mail, and in some cases, online banking systems. A wire transfer is the most common form of funds transfer falling under the Funds Transfer coverage.

Historically, losses from unauthorized funds transfer requests were primarily caused by family members. The losses were infrequent in nature and generally involved small dollar amounts. A typical loss scenario involved a member’s relative (e.g., son or daughter) who impersonated the member to request a funds transfer to an account at another financial institution. The family member often had access to the member’s personal information, allowing him/her to successfully answer security questions (e.g., address, Social Security number, mother’s maiden name, etc.) when making the funds transfer request by telephone. The family member also had access to the member’s signature, allowing him/her to either forge the member’s signature on a fax to the credit union requesting a funds transfer, or cut and paste the member’s signature on to the fax.

In recent years, losses resulting from unauthorized funds transfer requests increased significantly in both frequency and severity due to identity theft and organized crime.

One continuing trend involves taking advances against member line-of-credit loans (e.g., a home equity line-of-credit) to fund the transfer. A fraudster could, for example, obtain the member’s credit report without authorization, which yields not only the member’s personal information but also loan information.

Federal Reserve Regulation J and UCC 4A

Funds transfers are governed by Federal Reserve Regulation J Subpart B and Article 4A of the Uniform Commercial Code (UCC 4A). Regulation J Subpart B and UCC 4A govern funds transfers made through Fedwire. UCC 4A is a series of rules that govern the resolution of legal issues that may arise from funds transfers. Many things can and do go wrong with funds transfers. There are two primary problems that can occur: unauthorized funds transfers and erroneously executed payment orders. An unauthorized funds transfer occurs when the credit union debits the member’s account without his/her authorization. An erroneously executed payment order could occur, for example, when a member provides an incorrect account number for the beneficiary, or there is a misdescription of a beneficiary.

Unauthorized Funds Transfers

In general, a credit union is liable for the loss from an unauthorized funds transfer if the member denies making the funds transfer request and there is no evidence indicating otherwise. This would occur, for example, when a credit union executes a funds transfer debiting funds from a member’s account based on a telephone request from an impostor. However, under UCC 4A-202(b), a credit union can shift liability for the loss from an unauthorized funds transfer to the member if the parties have agreed that the authenticity of a funds transfer request is to be verified pursuant to a “security procedure,” provided the security procedure is a commercially reasonable security procedure to protect against unauthorized funds transfer requests, and the credit union proves that it accepted the funds transfer request in good faith and in compliance with the security procedure set forth in a written funds transfer agreement.

The term “security procedure” is defined in UCC 4A-201:

“Security procedure” means a procedure established by agreement of a customer and a receiving bank for the purpose of (i) verifying that a payment order or communication amending or cancelling a payment order is that of the customer, or (ii) detecting error in the transmission or the content of the payment order or communication. A security procedure may require the use of algorithms or other codes, identifying words or numbers, encryption, callback procedures, or similar security devices. Comparison of a signature on a payment order or communication with an authorized specimen signature of the customer is not by itself a security procedure.

To satisfy the definition of a “security procedure,” it must be agreed to by the credit union and member in a signed funds transfer agreement. A security procedure unilaterally established by the credit union does not qualify.

Under UCC 4A-202(b), liability for an unauthorized funds transfer can be shifted by written agreement to the member if his/her negligence contributed to the compromise of the security procedure:

If a bank and its customer have agreed that the authenticity of payment orders issued to the bank in the name of the customer as sender will be verified pursuant to a security procedure, a payment order received by the receiving bank is effective as the order of the customer, whether or not authorized, if (i) the security procedure is a commercially reasonable method of providing security against unauthorized payment orders, and (ii) the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer.

Under UCC 4A-202(c), a security procedure that is consciously chosen by the member and agreed to in writing can be considered a commercially reasonable security procedure:

Commercial reasonableness of a security procedure is a question of law to be determined by considering the wishes of the customer expressed to the bank, the circumstances of the customer known to the bank, including the size, type, and frequency of payment orders normally issued by the customer to the bank, alternative security procedures offered to the customer, and security procedures in general use by customers and receiving banks similarly situated. A security procedure is deemed to be commercially reasonable if (i) the security procedure was chosen by the customer after the bank offered, and the customer refused, a security procedure that was commercially reasonable for that customer, and (ii) the customer expressly agreed in writing to be bound by any payment order, whether or not authorized, issued in its name and accepted by the bank in compliance with the security procedure chosen by the customer.

Misdescription of Beneficiary

Many credit unions mistakenly believe that a funds transfer to a member’s account at another financial institution is safe. The beneficiary bank’s (i.e., the bank receiving the funds transfer for deposit to the beneficiary’s account) only obligation is to match the account number in the payment order to the beneficiary’s account number, without regard to whether the name on the account matches the name in the payment order. This is based on UCC 4A-207, Misdescription of Beneficiary:

(b) If a payment order received by the beneficiary's bank identifies the beneficiary both by name and by an identifying or bank account number and the name and number identify different persons, the following rules apply: (1) Except as otherwise provided in subsection (c), if the beneficiary's bank does not know that the name and number refer to different persons, it may rely on the number as the proper identification of the beneficiary of the order. The beneficiary's bank need not determine whether the name and number refer to the same person.

UCC 4A-208, Misdescription of Intermediary Bank or Beneficiary’s Bank, is similar to UCC 4A-207 except that UCC 4A-208 addresses the situation where the identifying number of the intermediary or beneficiary’s bank does not match the bank’s name in the payment order. The receiving bank is not obligated to match the intermediary and/or beneficiary bank’s identifying number to the name if both are contained in the payment order.

In order to avoid liability from inaccurate instructions provided by the member (e.g., the member provides an incorrect account number for the beneficiary), the written funds transfer agreement and/or funds transfer request form signed by members should contain a notice that transfers may settle by the beneficiary bank’s routing number and the beneficiary’s account number, even if the name provided for the beneficiary bank and/or beneficiary account do not match. This can shift liability for member errors to the member, which is important, as insurance does not cover losses due to member errors. This is required under UCC 4A-207(c)(2) and UCC 4A-208(b)(2):

UCC 4A-207(c)(2): If the originator is not a bank and proves that the person identified by number was not entitled to receive payment from the originator, the originator is not obliged to pay its order unless the originator's bank proves that the originator, before acceptance of the originator's order, had notice that payment of a payment order issued by the originator might be made by the beneficiary's bank on the basis of an identifying or bank account number even if it identifies a person different from the named beneficiary. Proof of notice may be made by any admissible evidence. The originator's bank satisfies the burden of proof if it proves that the originator, before the payment order was accepted, signed a writing stating the information to which the notice relates.

UCC 4A-208(b)(2): If the sender is not a bank and the receiving bank proves that the sender, before the payment order was accepted, had notice that the receiving bank might rely on the number as the proper identification of the intermediary or beneficiary's bank even if it identifies a person different from the bank identified by name, the rights and obligations of the sender and the receiving bank are governed by subsection (b)(1), as though the sender were a bank. Proof of notice may be made by any admissible evidence. The receiving bank satisfies the burden of proof if it proves that the sender, before the payment order was accepted, signed a writing stating the information to which the notice relates.

For funds transfer requests received by telephone, in the absence of a written agreement, credit unions should have one of the following in place:

• Telephone recording of the member’s request capturing the routing number of the intermediary and beneficiary bank and the account number of the beneficiary; or

• A requirement for the member to sign a funds transfer request form containing the routing number of the intermediary and beneficiary bank and the beneficiary’s account number. Ideally, the request form should be signed in-person at a branch office after the member’s identity is verified. If this is not possible, the member should fax a signed request form containing the instructions. The fax will provide documentary evidence that the request was received from the member.

Either method will provide proof to protect the credit union in the event the member later denies making the request. These methods also help document any errors made by the member in providing the beneficiary bank’s routing and transit number or the beneficiary’s account number, in case the credit union needs to hold the member liable for any misdirected transfers that cannot be recovered.

Incoming Wires

If a credit union receives an incoming funds transfer and notices the name contained in the payment order does not match the name on the member’s account, the funds should be returned to the originating institution. If the credit union posts the transfer to the member’s account knowing the name does not match, the credit union could be held liable for the loss if it is unable to retrieve the funds from the member.

Funds Transfer Agreements and Request Forms – Additional Considerations

As funds transfer losses continue to grow in both frequency and severity, credit unions are urged to adopt written funds transfer agreements with members. The agreement should be signed in-person at a branch office after the identity of the member is verified. The agreement should contain the following minimum provisions of UCC 4A:

• Body of law which applies;
• Cutoff times established;
• Specification of the commercially reasonable security procedure chosen by the member;
• If a business account, listing of the business’ employees authorized to submit transfer instructions;
• Ability for member to limit transactions up to a specific dollar amount;
• Member’s account to which the agreement applies, and that the noted account can be charged for the transfer amount;
• Notice that transactions may settle by account number, even if the name provided for the account does not match, and the member’s liability in this situation;
• Notice that transactions may settle by the financial institution’s identifying number, even if the name provided for the financial institution does not match, and the member’s liability in this situation;
• Notice that next-day notice will not be provided for credits to the account (if not, the credit union is required to send next-day notification of incoming transfers); and
• The member’s written signature.

Written funds transfer agreements should always be adopted for business members due to the potential for large dollar transfers. Written agreements for business members should specifically name the business’ employees authorized to submit payment orders to the credit union. A business member could have an employee stealing from them and make a claim against the credit union that the employee was not authorized. The credit union could have an uninsurable loss in this type of situation, as there was no fraud by an impostor.

There has been some confusion over the proper use of funds transfer agreements and funds transfer request forms. A funds transfer agreement is not the same as a funds transfer request form. The following is a description of both and how they should be used:

Funds transfer agreement – a signed written agreement between the credit union and member documenting the commercially reasonable security procedure agreed to by the credit union and member for future funds transfer requests submitted by the member. It is not intended to be used as a funds transfer request form for individual requests.

Funds transfer request form – used to record a member’s funds transfer instructions; it contains the routing number of the beneficiary and intermediary institution (if applicable), and the beneficiary’s account number for a specific transaction. It is used for one-time funds transfer requests.

Overview of Funds Transfer Coverage Requirements (Pre-October 1, 2010 Renewal Version)*

The Funds Transfer coverage (pre-October 1, 2010 renewal version) requires credit unions to perform a “callback verification” to a “secure telephone number,” or have a signed funds transfer agreement that specifies a commercially reasonable security procedure the member agrees to use for future requests. These requirements apply to any funds transfer request the credit union receives by “telefacsimile,” “telephonic” means, “e-mail,” or through an online request form completed by the member and forwarded to an employee for processing. Wire transfers are the most common funds transfer request; however, the coverage also applies to ACH transactions (ACH credits) originated by the credit union as well as requests to transfer funds within the credit union from one member account to another member account.

* These coverage requirements were removed in the 2010 Fidelity Bond starting with October 1, 2010 renewals. However, credit unions in the midst of a three-year agreement on October 1, 2010 continue to be subject to the Funds Transfer coverage requirements until they come off the three-year agreement. The Funds Transfer coverage requirements will continue to apply until the credit union renews the Bond starting with October 1, 2010 renewals.

The policy defines a “callback verification” as an outgoing telephone call placed by the credit union to a “secure telephone number” to verify the identity and authority of the member. The callback verification must be performed prior to processing the funds request and result in a positive confirmation that the instruction was sent by the member.

The policy defines a “secure telephone number” providing one of six options for the credit union to follow in order to verify the legitimacy of the callback number. “Secure telephone number” is defined as follows:

a. Was provided by the member or member’s authorized representative when the account was opened; or

b. Was provided after the account was opened, in person by the member or member’s authorized representative who was physically present on your “premises,” and who presented to you government-issued photo identification; or

c. Was provided in a signed written funds transfer agreement with the member, or the member’s authorized representative; or

d. Was a replacement telephone number for the account, provided that you confirmed the legitimacy of the change through direct contact with the member or member’s authorized representative at the previous telephone number on record; or

e. You obtained from a public or private telephone directory that lists the member’s name; or

f. Was a replacement telephone number for the member or the member’s authorized representative that you received at least 30 days prior to the receipt of the instruction.

Fraudsters often find a way to defeat security procedures. Funds transfer security procedures are no exception. Credit unions often perform a callback verification using the telephone number on record to confirm members’ funds transfer requests when the requests are made by telephone, fax, or e-mail. Fraudsters have defeated this security procedure by:

• Calling the credit union and impersonating the member to request a telephone number change on the member’s account to a telephone number controlled by the fraudster (e.g., the number to the fraudster’s pre-paid cellular phone), or

• Contacting the member’s telephone company and impersonating the member to have the member’s home telephone forwarded to the fraudster’s pre-paid cellular phone.

Either method results in the callback being made directly to the fraudster rather than the member. Of course, the fraudster confirms the original funds transfer request.

The alternative to the callback verification is the written agreement approach. This is a pre-arranged process where the credit union and the member agree on a security procedure to be used for future requests. The procedure is then clearly documented in a written agreement signed by the parties. If a written agreement is used to qualify for coverage, credit unions should ensure it addresses all of the following:

• It is pre-arranged with the member contemplating future transfer requests (it is a separate document from what is used for the actual funds transfer requests);

• It is signed in-person by the member after identity is verified, as agreements signed by an impostor would not qualify for coverage; and

• It clearly specifies a security procedure to which both the credit union and member agree.


Credit unions are cautioned against relying on default wording that is found in some member account agreements. Such agreements often contain a phrase such as “credit union may establish security procedures.” This type of language will likely not satisfy the definition of a commercially reasonable security procedure, and therefore will not qualify for coverage. To qualify for coverage, the agreement must specifically state the security procedure that is consciously chosen by the member, and the credit union must follow the procedure. The credit union should obtain a legal opinion to ensure the security procedure will be considered commercially reasonable under UCC 4A.

Some online banking systems allow members to initiate funds transfers, including wires, ACH, and member-to-member transfers. If there is an element of human intervention by a credit union employee in processing funds transfers via the online banking system, the Funds Transfer coverage requirements apply. The coverage requirements would apply under the following circumstances:

• A member completes an online form while logged into online banking that is forwarded to an employee for processing;

• A member sends the transfer request via the “contact us” or similar communication feature while logged into online banking; or

• A member using his/her mobile device sends a text message requesting a funds transfer.

The final requirement is that the instructions be recorded or logged by the credit union. The simplest way to accomplish this is to use a funds transfer request form that documents both the member’s request and the security procedure that was used to authenticate the member. For callbacks, we recommend including, at a minimum, the following information on the funds transfer request form:

• Name of employee performing the callback;
• Telephone number used for the callback;
• Source or verification of the callback phone number;
• If the callback number is from the member’s account, confirmation that it was not changed in the last 30 days;
• Name of the member confirming the request; and
• Date and time of the callback.

The Bank Secrecy Act (BSA) requires financial institutions to keep a log of funds transfers of $3,000 or more. The information required depends on the institution’s role in the particular funds transfer (originator’s institution, intermediary institution, or beneficiary’s institution). An overview of the recordkeeping requirements can be found at the Federal Financial Institutions Examination Council’s (FFIEC) website at www.ffiec.gov.
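The six “secure telephone number” options and the callback log fields above can be encoded as a small check that a wire desk application runs before an employee places the callback, so that a recently changed and unverified number is rejected rather than relied on. The following is an added example written for this page; it is not code from CUNA Mutual Group, the Bond, or the white paper. The source names, the dataclass layout, the record field names and the sample accounts are assumptions and constructed data chosen for illustration.

```python
"""Callback-number eligibility check and callback log record.

Added example for this page; not code from the white paper or the Bond.
It encodes the six "secure telephone number" options (a-f) and the minimum
callback log fields from the text. Field names, the record layout and the
sample accounts below are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Optional

# Options that make a number secure because of how it was obtained.
SOURCE_TO_OPTION = {
    "account_opening": "a",           # provided when the account was opened
    "in_person_photo_id": "b",        # provided in person on premises with government photo ID
    "funds_transfer_agreement": "c",  # provided in a signed written funds transfer agreement
    "directory_listing": "e",         # public or private directory listing the member's name
}
REPLACEMENT_AGE_DAYS = 30             # option (f): replacement received at least 30 days before the instruction


@dataclass
class PhoneOnFile:
    number: str
    source: str                              # a SOURCE_TO_OPTION key, or "replacement"
    received: date                           # date the number was recorded on the account
    verified_at_prior_number: bool = False   # option (d): change confirmed by calling the old number


def secure_number_basis(phone: PhoneOnFile, instruction_received: date) -> Optional[str]:
    """Return the option letter (a-f) under which the number on file is a
    secure telephone number for an instruction received on the given date,
    or None when no option applies and the callback must not be relied on."""
    if phone.source in SOURCE_TO_OPTION:
        return SOURCE_TO_OPTION[phone.source]
    if phone.source == "replacement":
        if phone.verified_at_prior_number:
            return "d"
        # Option (f): the 30-day wait. A replacement made 29 days ago is not yet secure,
        # which is exactly the window a fraudster's number change falls into.
        if instruction_received - phone.received >= timedelta(days=REPLACEMENT_AGE_DAYS):
            return "f"
    return None


def callback_record(employee: str, phone: PhoneOnFile, member_name: str,
                    instruction_received: date, called_at: datetime) -> dict:
    """Build the minimum callback log entry recommended in the text. Raises
    when the number is not secure, so an unverified recent change can never
    be logged as a completed callback."""
    basis = secure_number_basis(phone, instruction_received)
    if basis is None:
        raise ValueError(f"{phone.number}: not a secure telephone number; "
                         "require an in-person request or a signed funds transfer agreement")
    age = instruction_received - phone.received
    return {
        "employee": employee,
        "callback_number": phone.number,
        "number_source": f"option {basis}: {phone.source}",
        "not_changed_in_last_30_days": age >= timedelta(days=REPLACEMENT_AGE_DAYS),
        "member_confirming": member_name,
        "callback_time": called_at.isoformat(timespec="minutes"),
    }


# Constructed sample data (not real accounts or numbers).
RECEIVED = date(2011, 6, 15)                 # day the fax/phone instruction arrived
DAY_BEFORE = date(2011, 6, 14)
CALLED_AT = datetime(2011, 6, 15, 10, 30)
ON_FILE_SINCE_OPENING = PhoneOnFile("608-555-0100", "account_opening", date(2005, 3, 1))
RECENT_UNVERIFIED = PhoneOnFile("608-555-0199", "replacement", date(2011, 6, 1))       # changed 14 days ago
RECENT_VERIFIED = PhoneOnFile("608-555-0199", "replacement", date(2011, 6, 1), True)   # confirmed at old number
AGED_REPLACEMENT = PhoneOnFile("608-555-0150", "replacement", date(2011, 5, 16))       # exactly 30 days ago

if __name__ == "__main__":
    for p in (ON_FILE_SINCE_OPENING, RECENT_UNVERIFIED, RECENT_VERIFIED, AGED_REPLACEMENT):
        print(p.number, p.source, "->", secure_number_basis(p, RECEIVED))
    print(callback_record("J. Smith", ON_FILE_SINCE_OPENING, "A. Member", RECEIVED, CALLED_AT))
```

The point of returning the option letter rather than a bare yes/no is that the record then states which of the six options was relied on, which is the “source or verification of the callback phone number” field the text asks for. The 30-day comparison is deliberately inclusive (exactly 30 days qualifies), matching the “at least 30 days prior” wording; a replacement number that is younger than that and was not confirmed at the previous number on record fails closed.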

Emerging Fraud Issues


Fraudsters have a wealth of information at their fingertips and are able to answer even the strongest security questions posed by credit unions in their attempt to verify the identity of members. This suggests that the callback verification may be losing its effectiveness as a security procedure to confirm the authenticity of funds transfer requests received remotely from members. Fraudsters employ a number of data mining techniques to obtain personal information on members, including:

1. Searching public databases for recorded mortgages; fraudsters search for HELOCs with high credit limits. Member signatures are easily lifted from recorded mortgages.

2. Paying for background searches through skip-tracing sites to obtain personal information on members, such as Social Security numbers, birth dates, relatives’ names, prior addresses, and employment history.

3. Using genealogy websites to build a member’s family tree to obtain mother’s maiden name.

4. Fraudulently obtaining credit reports, which they use to get details on member HELOCs.

HELOC Fraud and More

Fraudsters have easily initiated advances against members’ home equity line-of-credit (HELOC) loans to fund the transfers by calling the credit unions and impersonating the members in requesting the advances. In some cases, fraudsters successfully had member accounts set up for audio response by calling the credit unions, which they used to take advances against the HELOCs. In other cases, fraudsters initiated advances against member HELOCs via credit union online banking systems by compromising member login credentials or by successfully having a member’s online banking password reset to the default password. It should be noted that not all losses involved advances against member HELOCs to fund the transfers. After the fraudster successfully initiates an advance against the member’s HELOC, the next step is to request a large dollar funds transfer (often exceeding $100,000) by fax or phone to accounts at domestic and foreign banks. Fraudsters defeat the callback verification security procedure by:

• Impersonating the member and contacting the credit union to have the member’s phone number changed to a number controlled by the fraudster, which is usually the number to the fraudster’s prepaid cellular phone, or

• Contacting the member’s telephone company and impersonating the member to have the member’s home phone forwarded to the fraudster’s prepaid cellular phone.


Funds Transfer Requests via Telecommunications Relay Services

A number of losses from unauthorized funds transfer requests occurred when fraudsters impersonated a member and used a telecommunications relay service (TRS) to request a funds transfer by telephone. A TRS is a telephone service that allows persons with hearing or speech disabilities to place and receive calls. TRS uses relay operators, called communications assistants, to facilitate telephone calls between people with hearing and speech disabilities and other individuals. When a person with a hearing or speech disability initiates a TRS call, the person uses a text telephone (TTY) or other text input device to call the TRS relay center, and gives the communications assistant the number of the party that he or she wants to call. The communications assistant in turn places an outbound traditional voice call to that person. The communications assistant serves as a link for the call, relaying the text of the calling party in voice to the party called, and converting to text what the called party voices back to the calling party.

Credit unions should still perform a callback verification or have a written agreement in place with the member for funds transfer requests made via TRS. The following controls apply when a credit union receives a funds transfer request through a TRS:

• If the credit union knows the member has a hearing or speech disability, the callback verification should be made through a TRS. In this case, the credit union instructs the TRS communications assistant to call the member’s secure telephone number.

• If the credit union does not know whether the member calling has a hearing or speech disability, the credit union can perform the callback verification to the member’s secure telephone number directly. If the employee performing the callback hears a series of “beeps,” it is likely coming from the member’s TTY equipment and the employee should perform the callback with the assistance of a TRS communications assistant. The employee should instruct the TRS communications assistant to call the member’s secure telephone number.

• If the credit union is unable to complete the callback verification, the member should be instructed to request the funds transfer in-person at a branch office. If the member intends to make funds transfer requests in the future, he or she should be encouraged to sign a funds transfer agreement.

Loss Controls In light of the techniques used by fraudsters to defeat the security provided by performing callback verifications, credit unions should require members to make large dollar funds transfer requests in-person at a branch office. Credit unions should consider establishing a monetary threshold for requiring funds transfer requests in-person. The threshold should reflect the credit union’s risk tolerance in accepting funds transfer requests by

CUNA Mutual Group y Funds Transfer Securityy June 2011

11

LOSS CONTROLS

phone, fax and email. Members requesting funds transfers that exceed the threshold would be required to make the request in-person at a branch office. For funds transfer requests below the threshold, credit unions can attempt to verify the authenticity of the request by performing a callback to the member. An alternative is to adopt a written funds transfer agreement that specifies a commercially reasonable security procedure agreed to by the member and credit union that the member agrees to use for future funds transfer requests. Credit unions can significantly reduce their exposure to loss from unauthorized funds transfers by implementing the following additional loss controls: 1.

Adopt a written funds transfer agreement with members for future requests.

2.

Do not rely on notarized signatures on faxed requests as notary seals and signatures are easily forged. Additionally, faxed images of government issued photo identification are not reliable as they are easily altered or may have been stolen from members.

3.

Encourage members to place a password on their account, which can be used to verify the authenticity of funds transfer requests.

4.

Do not allow advances against members’ HELOCs based on phone requests.

5.

Review the member’s account to determine if the funds transfer request is reasonable given the member’s history of requesting transfers. This is particularly important for large dollar requests.

6.

Credit unions electing to perform callback verifications should ensure their written policies and procedures address the following: −

Check the member’s account to determine if the phone number was changed within the last 30 days. If the member’s phone number was changed within the last 30 days, credit unions should not process the transfer unless the phone number change was verified through direct contact with the member (e.g., by calling the prior phone number)



Audible clues to listen for when performing the callback indicating the member’s phone may have been hijacked by the fraudster. These clues include an unusually long delay for the call to connect and/or clicking sounds; and

− 7.

Audible clues that suggest voice is not the member’s voice.

Be wary of large dollar transfers to foreign banks, especially institutions located in Korea, China and Japan.


8. Credit unions should conduct frequent employee training on the loss control procedures utilized in processing funds transfer requests. All employees involved in the funds transfer process should be included in the training.
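The threshold rule, the 30-day phone-number check in item 6 and the history review in item 5 can be written down as a single decision routine so that every remote request is handled the same way. The following is an added example written for this paper; it is not the paper's own procedure nor a CUNA Mutual product. The 30-day window comes from the text above, while the dollar threshold, the multiplier used for the history review, the rule that a member with no transfer history is escalated, and the member records are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Policy values. The 30-day window is from the white paper; the dollar threshold
# and the history multiplier are constructed assumptions for this example.
IN_PERSON_THRESHOLD = 10_000.00   # remote requests at or above this must be made in-person
PHONE_CHANGE_WINDOW_DAYS = 30     # phone-number changes inside this window need verification
HISTORY_MULTIPLIER = 3.0          # escalate requests larger than 3x the member's largest prior transfer


@dataclass
class MemberProfile:
    member_id: str
    phone_on_file: str
    phone_changed_on: Optional[date]   # when the number on file was last changed (None = never)
    phone_change_verified: bool        # change confirmed by calling the prior number
    prior_transfers: List[float] = field(default_factory=list)


@dataclass
class TransferRequest:
    member_id: str
    amount: float
    channel: str          # "branch", "phone", "fax" or "email"
    requested_on: date


@dataclass
class Decision:
    action: str           # "process", "require_in_person", "decline" or "callback"
    escalate: bool        # True when the amount is out of line with the member's history
    reasons: List[str]


def evaluate_request(req: TransferRequest, member: MemberProfile) -> Decision:
    """Apply the loss controls above to one funds transfer request."""
    if req.channel == "branch":
        # In-person requests are handled under branch identification procedures.
        return Decision("process", False, ["in-person request at a branch office"])

    if req.amount >= IN_PERSON_THRESHOLD:
        return Decision("require_in_person", False,
                        [f"amount {req.amount:,.2f} meets the in-person threshold"])

    # Item 6: a recent phone-number change that was never verified blocks the callback path.
    if member.phone_changed_on is not None:
        age_days = (req.requested_on - member.phone_changed_on).days
        if age_days <= PHONE_CHANGE_WINDOW_DAYS and not member.phone_change_verified:
            return Decision("decline", False,
                            [f"phone number changed {age_days} days ago; change not verified"])

    # Item 5: compare the request with the member's transfer history.
    reasons = [f"perform callback to {member.phone_on_file} and confirm the account password"]
    escalate = False
    if member.prior_transfers:
        largest = max(member.prior_transfers)
        if req.amount > HISTORY_MULTIPLIER * largest:
            escalate = True
            reasons.append(f"amount exceeds {HISTORY_MULTIPLIER:g}x the largest prior transfer ({largest:,.2f})")
    else:
        escalate = True   # constructed assumption: first remote transfer gets a second look
        reasons.append("no prior transfer history on the account")
    return Decision("callback", escalate, reasons)


# Constructed sample records (not real members).
TODAY = date(2011, 6, 15)
RECENT_UNVERIFIED = MemberProfile("M-1001", "608-555-0101", date(2011, 6, 5), False, [500.0, 800.0])
RECENT_VERIFIED = MemberProfile("M-1002", "608-555-0102", date(2011, 6, 5), True, [500.0, 800.0])
STABLE = MemberProfile("M-1003", "608-555-0103", date(2011, 4, 16), False, [500.0, 800.0])


def sample_decisions() -> List[str]:
    """Run the constructed scenarios and return the resulting actions."""
    cases = [
        (TransferRequest("M-1003", 25_000.00, "phone", TODAY), STABLE),            # over threshold
        (TransferRequest("M-1001", 4_000.00, "fax", TODAY), RECENT_UNVERIFIED),    # unverified change
        (TransferRequest("M-1002", 4_000.00, "phone", TODAY), RECENT_VERIFIED),    # callback, escalated
        (TransferRequest("M-1003", 1_000.00, "email", TODAY), STABLE),             # routine callback
    ]
    return [evaluate_request(r, m).action for r, m in cases]


if __name__ == "__main__":
    for action in sample_decisions():
        print(action)
```

The routine deliberately refuses the callback path outright when the number on file was changed recently and never confirmed, rather than calling the new number, because that is exactly the number a hijacked account would carry.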

System Intrusions

There has been a significant increase in system intrusions of third-party providers of wire and ACH services (e.g., corporate credit unions). Credit union employees’ login credentials (user name and password) used with third-party providers of wire and ACH services are being compromised. This type of compromise allows fraudsters to log in to third-party vendors’ systems to initiate unauthorized ACH credit files or outgoing wire transfers. Fraudsters are gaining access to credit union employees’ login credentials through banking Trojans that infect credit union computers. The banking Trojans capture the login credentials and return the data to the fraudster. With this information, the fraudsters have virtually full access to the third-party ACH or wire systems. The following are important controls for credit unions to implement for their internal systems:

• Use antivirus software with up-to-date virus definitions to routinely scan workstations and servers.
• Ensure recent security patches are installed for operating systems and applications.
• Monitor internal networks and online internet application traffic (e.g., online banking) for suspicious activity.
• Prohibit employee use of social networking sites, instant messaging, or file sharing on credit union systems.
• Prohibit employees from accessing ACH or wire systems from home computers – even if a Virtual Private Network (VPN) is used, as credit unions may not be able to ensure a secure computing environment in the employee’s home.
• Use a dedicated computer, which is not used for e-mail or internet browsing, to access the third-party vendors’ systems.

Third-party providers of ACH and wire services may offer an enhanced multifactor authentication method as well as options for user settings to increase security. The following controls and security procedures should be implemented with the third-party vendor:




• The strongest form of multifactor authentication offered by your third-party vendors for ACH and wire services. An effective multifactor authentication method includes a token device (e.g., USB token, password-generating token, etc.) combined with user names and passwords.
• Restrict days and hours of access to the ACH and wire system.
• Restrict credit union IP addresses with access to your third-party vendor’s system.
• Set an individual transaction dollar limit.
• Require dual controls and verifications.
• Establish a validation and confirmation process with your third-party vendor on outgoing ACH files and wire requests that exceed a monetary threshold.
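The vendor-side settings listed above (days and hours of access, registered credit union addresses, a per-transaction limit, dual control and a confirmation threshold) are worth checking on the credit union’s own side as well, so that a submission made with a stolen credential is caught before release even if the vendor’s settings were never tightened. The following is an added example, not the paper’s text and not any vendor’s API; the policy values, the address range and the two submissions are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set


@dataclass
class VendorAccessPolicy:
    """Settings agreed with the ACH/wire vendor (all values are constructed assumptions)."""
    allowed_weekdays: Set[int]            # 0 = Monday ... 6 = Sunday
    window_start: time                    # earliest permitted submission time
    window_end: time                      # latest permitted submission time
    allowed_networks: List[str]           # credit union egress ranges registered with the vendor
    per_transaction_limit: float          # individual transaction dollar limit
    vendor_confirmation_threshold: float  # vendor confirms files and wires above this amount


@dataclass
class Submission:
    submitted_at: datetime
    source_ip: str
    amount: float
    initiator: str            # employee who keyed the file or wire
    approver: Optional[str]   # second employee who released it, if any


def check_submission(sub: Submission, policy: VendorAccessPolicy) -> List[str]:
    """Return the list of policy violations; an empty list means the submission may be released."""
    violations = []
    if sub.submitted_at.weekday() not in policy.allowed_weekdays:
        violations.append("submitted outside the permitted days of access")
    if not (policy.window_start <= sub.submitted_at.time() <= policy.window_end):
        violations.append("submitted outside the permitted hours of access")
    src = ip_address(sub.source_ip)
    if not any(src in ip_network(net) for net in policy.allowed_networks):
        violations.append(f"source address {sub.source_ip} is not a registered credit union address")
    if sub.amount > policy.per_transaction_limit:
        violations.append(f"amount {sub.amount:,.2f} exceeds the per-transaction limit")
    if sub.approver is None or sub.approver == sub.initiator:
        violations.append("dual control not satisfied: a second employee must release the transaction")
    return violations


def needs_vendor_confirmation(sub: Submission, policy: VendorAccessPolicy) -> bool:
    """True when the vendor's out-of-band validation and confirmation step applies."""
    return sub.amount > policy.vendor_confirmation_threshold


# Constructed policy: business days, 08:00 to 17:00, one registered /24 (documentation range).
POLICY = VendorAccessPolicy(
    allowed_weekdays={0, 1, 2, 3, 4},
    window_start=time(8, 0),
    window_end=time(17, 0),
    allowed_networks=["203.0.113.0/24"],
    per_transaction_limit=50_000.00,
    vendor_confirmation_threshold=25_000.00,
)

# Constructed submissions: one routine, one with every characteristic the controls are meant to catch
# (weekend, small hours, unregistered address, over the limit, released by the same person who keyed it).
IN_POLICY = Submission(datetime(2011, 6, 15, 10, 30), "203.0.113.10", 12_000.00, "teller_a", "supervisor_b")
OUT_OF_POLICY = Submission(datetime(2011, 6, 18, 2, 15), "198.51.100.7", 80_000.00, "teller_a", "teller_a")


if __name__ == "__main__":
    for label, sub in (("in-policy", IN_POLICY), ("out-of-policy", OUT_OF_POLICY)):
        print(label, check_submission(sub, POLICY), needs_vendor_confirmation(sub, POLICY))
```

Each violation is reported independently rather than stopping at the first, so the review log shows the full pattern of an attempted release, which is more useful to an investigator than a single refusal.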

Policies, Procedures and Training

Credit unions should develop comprehensive written policies and procedures addressing the funds transfer process. The policies and procedures should address issues that can arise with funds transfers. All employees should receive training on the policies and procedures. Employees who are directly involved in the funds transfer process should receive periodic training on the policies and procedures. Credit unions should also ensure that new employees and temporary employees are trained prior to getting them involved in the funds transfer process.


Risk Matrix

Risk 1

Loss Exposure: The credit union receives a telephone request for a wire transfer of funds to the member’s account at another financial institution. The telephone number appearing on the caller ID system is the number that the credit union has on file for the member. It turns out the phone number showing up on caller ID was spoofed, and it was not the member making the call.

Loss Control: Recent advances in Internet telephone capabilities have allowed people to easily spoof caller ID numbers. Relying on caller ID is not considered a reasonable security procedure. Members should be required to make large dollar funds transfer requests in-person at a branch office. A monetary threshold can be established for this purpose. For requests falling below the monetary threshold, a callback verification should be performed by the credit union to a “secure telephone number,” along with the use of strong security questions to confirm the member’s identity. Another option is to have a signed written agreement where both parties have agreed to another type of commercially reasonable security procedure [refer to UCC 4A, Section 4A-202(c)].

Insurance Implications: May be covered under the Funds Transfer coverage in the Bond (pre-October 1, 2010 renewal version), but only if the credit union performed a “callback verification” to a “secure telephone number,” or followed another commercially reasonable security procedure as set forth in a written funds transfer agreement with the member. The Funds Transfer coverage requirements were removed in the 2010 Fidelity Bond starting with October 1, 2010 renewals. However, credit unions in the midst of a three year agreement on October 1, 2010 continue to be subject to the Funds Transfer coverage requirements until they come off the three year agreement. The Funds Transfer coverage requirements will continue to apply until the credit union renews the Bond starting with October 1, 2010 renewals.

Risk 2

Loss Exposure: The credit union receives a faxed wire transfer request signed by the member. The member’s signature on the fax is verified against the signature card. The phone number in the fax header matches the member’s phone number on the account. In reality, a fraudster cut and pasted the member’s authentic signature onto the fax and programmed the fax machine to have the member’s home phone number appear in the header.

Loss Control: Per UCC 4A-201, signature verification is not, by itself, considered a commercially reasonable security procedure. Members should be required to make large dollar funds transfer requests in-person at a branch office. A monetary threshold can be established for this purpose. For requests falling below the monetary threshold, a callback verification should be performed by the credit union to a “secure telephone number,” along with the use of strong security questions to confirm the member’s identity. Another option is to have a signed written agreement where both parties have agreed to another type of commercially reasonable security procedure [refer to UCC 4A, Section 4A-202(c)].

Insurance Implications: May be covered under the Funds Transfer coverage in the Bond (pre-October 1, 2010 renewal version), but only if the credit union performed a “callback verification” to a “secure telephone number,” or followed another commercially reasonable security procedure as set forth in a written funds transfer agreement with the member. The Funds Transfer coverage requirements were removed in the 2010 Fidelity Bond starting with October 1, 2010 renewals. However, credit unions in the midst of a three year agreement on October 1, 2010 continue to be subject to the Funds Transfer coverage requirements until they come off the three year agreement. The Funds Transfer coverage requirements will continue to apply until the credit union renews the Bond starting with October 1, 2010 renewals.


Risk 3

Loss Exposure: While logged into the online banking system, a member uses the “contact us” feature (an email feature) to request a wire transfer. It is later discovered that it was not the member who requested the wire. A fraudster compromised the member’s online banking login credentials to gain access to the account.

Loss Control: A callback verification should be performed by the credit union to a “secure telephone number,” along with the use of strong security questions to confirm the member’s identity. Another option is to have a signed written agreement where both parties have agreed to another type of commercially reasonable security procedure [refer to UCC 4A, Section 4A-202(c)].

Insurance Implications: May be covered under the Funds Transfer coverage in the Bond (pre-October 1, 2010 renewal version), but only if the credit union performed a “callback verification” to a “secure telephone number,” or followed another commercially reasonable security procedure as set forth in a written funds transfer agreement with the member. The Funds Transfer coverage requirements were removed in the 2010 Fidelity Bond starting with October 1, 2010 renewals. However, credit unions in the midst of a three year agreement on October 1, 2010 continue to be subject to the Funds Transfer coverage requirements until they come off the three year agreement. The Funds Transfer coverage requirements will continue to apply until the credit union renews the Bond starting with October 1, 2010 renewals.

Risk 4

Loss Exposure: While logged into the online banking system, a member uses the wire feature to complete an online form, which is forwarded to a credit union employee for processing to transfer funds to an account at another financial institution. It is later discovered that it was not the member who initiated the transaction.

Loss Control: A callback verification should be performed by the credit union to a “secure telephone number,” along with the use of strong security questions to confirm the member’s identity. Another option is to have a signed written agreement where both parties have agreed to another type of commercially reasonable security procedure [refer to UCC 4A, Section 4A-202(c)].

Insurance Implications: May be covered under the Funds Transfer coverage in the Bond (pre-October 1, 2010 renewal version), but only if the credit union performed a “callback verification” to a “secure telephone number,” or followed another commercially reasonable security procedure as set forth in a written funds transfer agreement with the member. The Funds Transfer coverage requirements were removed in the 2010 Fidelity Bond starting with October 1, 2010 renewals. However, credit unions in the midst of a three year agreement on October 1, 2010 continue to be subject to the Funds Transfer coverage requirements until they come off the three year agreement. The Funds Transfer coverage requirements will continue to apply until the credit union renews the Bond starting with October 1, 2010 renewals.


Risk 5

Loss Exposure: A member requests a wire transfer in-person at a branch office. The member completes and signs the wire transfer form providing the wire instructions, including the routing number of the beneficiary bank and the account number of the beneficiary. However, the member unknowingly transposes two digits in the beneficiary’s account number, and the beneficiary bank posts the incoming wire to the account number listed in the payment order. The credit union is unable to retrieve the funds.

Loss Control: Under UCC 4A-207, the beneficiary bank is only obligated to match the beneficiary’s account number to the payment order. The written funds transfer agreement or funds transfer request form should provide notice to the member that transfers may settle by the beneficiary bank’s routing number and the beneficiary’s account number, even if the name provided for the beneficiary bank and/or beneficiary account does not match, and that the member is liable in these situations. In order to hold the member liable, the written funds transfer agreement or the request form should be signed by the member. Refer to UCC 4A-207(c)(2) and UCC 4A-208(b)(2).

Insurance Implications: No coverage is available.

Risk 6

Loss Exposure: A credit union receives an incoming wire, but the name in the payment order does not match the name on the account. The credit union posts the wire based on the account number.

Loss Control: Under UCC 4A-207, the beneficiary bank is only obligated to match the beneficiary’s account number to the payment order. However, if the credit union notices that the name and account number do not match, the wire should be sent back to the originating institution; otherwise the credit union would be assuming liability for fraud and errors involved in the transaction. The credit union should adopt comprehensive policies and procedures along with staff training to avoid these types of mistakes.

Insurance Implications: No coverage is available.

Risk 7

Loss Exposure: A dishonest employee of a business member requests a wire transfer by phone to transfer funds from the business member’s account to the employee’s account at another financial institution.

Loss Control: Adopt a written funds transfer agreement with the business member where both parties have agreed to a commercially reasonable security procedure [refer to UCC 4A, Section 4A-202(c)]. The agreement should contain the names of the business member’s employees authorized to submit funds transfer requests. The agreement should also hold the business member liable for transactions submitted by its employees. The business member should obtain bond coverage covering the business for the dishonest acts of its employees.

Insurance Implications: No coverage is available, as this was the authorized user (not an impostor). This is a business risk to the credit union which can be shifted contractually back to the business member.


Risk 8

Loss Exposure: The credit union uses a funds transfer agreement prior to accepting telephone or fax requests. An impostor fills out the agreement, specifies a password as the security procedure, forges the member’s signature, and mails the agreement to the credit union. Unauthorized transactions are then done on the member’s account.

Loss Control: Require the member to complete and sign the agreement in-person at a branch office. Avoid notarized signatures, as notary stamps and signatures are easily forged.

Insurance Implications: If relying on the written agreement to comply with the Funds Transfer coverage requirements (pre-October 1, 2010 Bond renewal version), the agreement must be signed by the member. There is no coverage for written agreements signed by an impostor. The Funds Transfer coverage requirements were removed in the 2010 Fidelity Bond starting with October 1, 2010 renewals. However, credit unions in the midst of a three year agreement on October 1, 2010 continue to be subject to the Funds Transfer coverage requirements until they come off the three year agreement. The Funds Transfer coverage requirements will continue to apply until the credit union renews the Bond starting with October 1, 2010 renewals.


CUNA Mutual Group is a leading provider of financial services to credit unions, their members, and valued customers worldwide. With more than 75 years of market commitment, CUNA Mutual’s vision is unwavering: to be a trusted business partner who delivers service excellence with customer-focused, best-in-class products and market-driven innovation. Visit www.cunamutual.com or call 800.356.2644 for more information.

CUNA Mutual Group Proprietary and Confidential. Further Reproduction, Adaptation, or Distribution Prohibited. Insurance products offered to credit unions are underwritten by CUMIS Insurance Society, Inc., a member of the CUNA Mutual Group. CUNA Mutual Insurance Agency, Inc., an affiliate within CUNA Mutual Group, is the marketing agent licensed to broker Property and Casualty coverages. CUP-0611-233A © CUNA Mutual Group, 2011 All Rights Reserved.

P.O. Box 391 5910 Mineral Point Road Madison, WI 53701-0391 800.356.2644 www.cunamutual.com
