In the last article I submitted (Do not fall prey to Account Takeover Fraud) I discussed how consumer education is the first line of defense in account takeover fraud.
But fraudsters could also be inside the banks I the form of bank employees, just like the old saying goes “the best way to rob a bank is to own one”.
Consumers’ education, as the first line of defense in account takeover fraud, is limited to only protecting financial information before it gets in the wrong hands. Having this in mind, the question is, what can Banks do to prevent fraudsters from transferring money from your account especially if they already have control over your account information?
Financial institutions should ensure the following safeguards are in place when transferring funds from client’s accounts: They should provide customers with unique codes that are required to authorize or order wire transfers, maintain and update lists of employees authorized to perform wire transfer transactions.
They should compile audit trails of incoming and outgoing wire transactions, as well as the employee responsible for each portion of the transaction.
I suggest a review of all wire transfer transactions at the end of each day to ensure that the original transfer instructions were executed correctly.
Financial institutions should make sure the businesses to which the funds are transferred are contacted to ensure authenticity of fund transfer requests.
If the businesses are contacted by phone, the phone numbers used should be the original numbers given by the customers when the accounts were opened and not the phone numbers provided by the callers who requested the transfers.
A recent change in the contact numbers should be carefully investigated. Don’t execute wire transfers solely from faxed instructions.
Again, verify authenticity by phoning the original numbers given by the customers when the accounts were opened and not the numbers provided by the callers who requested the transfers.
Require that all accounts affected by wire transfers be reconciled by bank employees not involved with the wire process.
Banks must ensure that the in-house wire operations manual is available only to authorized personnel and secured when not in use—especially after hours. Cleaning crew employees could help themselves to client pass codes and other confidential information.
Bankers should record all incoming and outgoing calls for wire transfer instructions, carefully screen wire transfer personnel applicants and reassign to other departments wire transfer employees who have given notice that they are resigning but still have some time left with the company.
Require all employees involved in the transfer of funds to take at least five consecutive days of vacation each year; assign their duties only to other transfer department staff members during their absence.
Make sure bank employees never disclose sensitive information over the telephone until the caller’s identity and authorization have been verified to the customer information file.
Financial institutions should separate the duties among wire employees who transmit or receive requests for funds; these employees shouldn’t also verify the accuracy of the transactions.
Train all employees on proper internal controls, fraud awareness, and a continuous fraud risk assessment to identify fraud schemes that put your organization at a great risk and develop high-level mitigating factors to weed out significant frauds at its earliest stage.
These steps will all decrease the incidents of banking fraud.
Derick Kirunga is a fraud prevention specialist
IFF Institute of Fraud Prevention April- 2010 Fraud Newsletter & Forensic Studies See fraud clearly