Tom Cronkright, CEO and co-founder, CertifID
Why do banks and other financial institutions need to pay more attention to wire fraud?
In real estate, wire fraud is now the number-one cybercrime in the US; and the FBI estimates losses of $1 billion dollars in 2017 alone.
Fraudsters are using next-level phishing and social engineering tactics to gain access to an email account of a transaction participant and use that access to pose as builders, title companies, attorneys and lenders to send fake wiring instructions so that funds are diverted.
How bad is wire fraud?
Fraud is exploding in the mortgage, real estate and title industries, rising 1,100% in the last two years. No one is immune from the wire fraud threat as they prey on the weakest link in the transaction ecosystem. Most recently, buyers have been the hardest hit as they are tricked into wiring money to a fraudster rather than their title company that is closing the transaction. Lenders, real estate agents, attorneys, builders and developers must be on alert as well. We are seeing an increase in wire fraud for newly constructed homes.
How does wire fraud work?
In a typical case of wire fraud, the cyber perpetrator hatches a targeted Business Email Compromise (BEC) scheme for the purpose of gaining access to the email accounts of participants in a transaction. Once they have access, they insert themselves in the communication chain in the guise of qualified parties to the transaction. In almost every case, the buyer, lender or title company ends up wiring the closing funds directly to an account owned by the cyber perpetrator. The communications from the fraudster is timely, accurate and convincing. This leads the victim to believe that she is following the request or instruction of a trusted party in a transaction when, in reality, the email or even phone call has come directly from the perpetrator.
Wire transfers in real estate transactions have become a target for three reasons:
- They are incredibly lucrative – most wire transfers exceed $200,000
- They involve multiple parties – all communicating electronically
- All the info needed to start a fraud is easily searchable online
How can small businesses and individuals protect themselves?
At CertifID, we help any two parties safely and securely exchange wiring instructions. We’re a real-time identity platform for real estate, mortgage and title industry professionals by authenticating parties in a transaction and securely transferring bank account information. For under $10, we guarantee each wire transfer up to $500,000 against fraud without disrupting your wire system, bank or software.
Do you have any personal experience with payment fraud that has brought you to where you are today in business?
As an attorney, I co-founded Sun Title, one of Michigan’s largest title agencies. My fellow co-founder and business partner, Lawrence Duthler, and I fell victim to fraud in 2015 when we wired $180,000 to a fraudster thinking he was a legitimate seller. We successfully tracked down who they were–a global network of code crackers wreaking havoc on more than 25,000 title companies in the US through hijacked email, fake phone numbers, and stolen information.
After this experience, Lawrence and I identified a need in the marketplace to create a real-time solution to verify identities and documents in financial transactions, bringing us to create CertifID so we can help other businesses and individuals protect their information and wire money securely.
How exactly does CertifID do to combat wire fraud?
CertifID ensures the authenticity of transaction-related communications by overlapping four proven processes:
- Digital Verification: We ensure each user is connecting through trusted devices that they own or use on a regular basis by harnessing billions of digital records and metadata associated at the device level.
- Knowledge Based Authentication (KBA): We’ve created a series of customized “out of wallet” questions that only the authorized individual could know or answer–even if their personal information has been compromised.
- Two-Factor Authentication (2FA): We require a unique one-time code that users must provide from a device that has been validated via text, call or Google Authenticator.
- Bank Account Certification: We confirm and display the institution routing information and allow the account holder to confirm his/her own bank credentials before funds are transferred.