RynohLive Blog

Monthly Reconciliation Helps Theives Steal Millions

support@rynoh.com (Stephanie Davis) — Tue, 21 Sep 2010 08:48:15 EST

"Defalcation and theft are epidemic in the title industry because it's so profitable and so easy," according to Rafael Toledo, Jr., President of IDSnetwork, Inc. in Sanford, FL. An insurance fraud investigator for over 20 years, he says that escrow account fraud perpetrators are more likely to be owners than employees. "Sometimes it simply starts when an owner cuts their commission check before the deal closes or they need funds to make the payroll. Or maybe an employee has an overdue credit card bill."

One challenge is reconciling accounts often enough to recognize the theft or detect a pattern that would raise suspicion. The current standard is to reconcile escrow accounts monthly. All too often the person doing the reconciliation is the owner or a manager with the authority to disburse escrowed funds.

New York State, seeking to deter defalcations in the title industry recently formed a Mortgage and Title Unit within the State Insurance Department's Fraud Bureau. The move was spurred by the increase in defalcations including two cases under investigation where title company owners allegedly misappropriated more than $6.7 million.

According to the NY Mortgage and Title Unit there are several steps settlement agents can take to deter defalcations and theft:

Don't insure behind a naked transaction.
Submit accurate information on the HUD-1 form. Agents need to ensure that the HUD-1 form is accurate, truthful and in compliance with the lenders closing instructions.
In purchase transactions, submit only the seller's proceeds. In refinance transactions, transmit only the borrower's loan proceeds.
Send the payoff letter on the date of disbursement via certified mail or courier.
Get an automated solution to monitor your escrow accounts through three-way and daily reconciliation of escrow accounts.

Looking for a solution?

More and more settlement companies are discovering the Rynoh solution.
Rynoh is a complete settlement industry escrow account management system that includes daily three-way escrow account reconciliation and reporting combined with positive pay banking options.
Rynoh helps to:

Immediately identify and eliminate defalcation, embezzlement and check fraud
Eliminate disbursing errors
Maintain accounts at an "audit ready" level every day
Track revenue daily to prevent losses and increase profitability

For more information and to talk with current Rynoh users contact Dick Reass at 877-467-9664 or e-mail dick.reass@rynoh.com. Visit Rynoh at www.rynoh.com.

Escrow fraud concerns escalate with cyber fraud reports

support@rynoh.com (Stephanie Davis) — Tue, 07 Sep 2010 14:58:35 EST

Escrow and cyber fraud are becoming more and more prevalent throughout the title insurance industry, as agents question how best to protect themselves from threats. The answer to that question and more will be provided in October Research Corp.’s upcoming Webinar Combating Internal Fraud: People, Processes and Technology Firewalls. Read on for the details. (8/20/2010)

Recent cases of corporate identity theft and cyber fraud have put title agents on the alert concerning the safety of their overall business as well as their escrow accounts. Agents are scrambling to put more effective controls in place to build a stronger bulwark around their companies. What can agents do to ensure the safety of both their identity and their accounts against internal and external threats?

On Sept. 16, October Research Corp. will host a Webinar to outline what agents can do to put in place protocols to prevent internal escrow fraud as well as cyber fraud. Information about the Webinar, Combating Internal Fraud: People, Processes and Technology Firewalls, can be found at www.octoberstore.com.

The Webinar will feature RynohLive President Dick Reass, Agents National Title Insurance Co. CFO Brent Scheer and RynohLive COO Rafael Toledo Jr. and will be moderated by The Title Report editor Jennifer Kovacs.

Toledo, who has more than 25 years experience in criminal investigations, both as a police officer and a private legal investigator, will share some dire warnings for title agents about new fraud schemes he is seeing in the marketplace.

“A national bank called us recently and had a unique situation,” Toledo recalled. “They loaned some money to a borrower whose identity had been stolen. But here was the interesting piece: The title agent and policy they received were also fraudulent. The identity of the agent had been stolen.”

Toledo recounted that the fraudsters had gone online to a state licensing site and changed the address of the tile company and the registered agent under that company’s name. Once they did that, it appeared that they were operating a legitimate title company using a legitimate underwriter.

“They opened a checking account using the agent’s stolen identity and then processed a loan like they were a title agent for a borrower who had great credit — whose identity was stolen as well. When the money was sent by the bank to the title agent to close, they stole the money and sent the bank a fraudulent closing protection letter and policy. The bank didn’t find out until 30 or 60 days later when there was no payment,” Toledo said.

According to Reass, there are many things agents can and should be doing to protect their accounts. “It’s a combination of account management, what you need to do to work effectively with your bank to protect your company, and what you can do to put up better firewalls against cyber fraud,” he said.

During the Webinar, Reass and Toledo will cover a wide range of topics including the necessity of three-way reconciliation and daily reconciliation; the importance of choosing the right software, procedures and bank; the need for the entire staff to be thoroughly grounded in what are truly “good funds;” and other basic internal processes that can prevent agents from becoming a target for internal or external threats.

Combating Internal Fraud: People, Processes and Technology Firewalls will air Thursday, Sept. 16, 2010, at 2 p.m. ET. To register or to order a recording of the Webinar, visit www.octoberstore.com or call (877) 662-8623 ext. 7221 for more information

Online Account Best Practices

support@rynoh.com (Stephanie Davis) — Mon, 09 Aug 2010 15:15:28 EST

Online Account Best Practices:

• Reconcile and review all banking transactions on a daily basis.
• Initiate wire transfer payments only under dual control, with a transaction originator
and a separate transaction authorizer.
• Use tokens for all online transactions to provide an additional layer of authentication.

Computer systems best practices (including but not limited to):

• If possible, carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing (beyond the secure online banking site) is not possible.
• Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information.
• Opening file attachments or clicking on web links in suspicious emails could expose the
system to malicious code that could hijack your computer.
• Install a dedicated, actively managed firewall, especially if they have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
• Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses.
• Install commercial anti-virus and desktop firewall software on all computer systems.
• Free software may not provide protection against the latest threats compared with an industry standard product.
• Ensure virus protection and security software are updated regularly.
• Ensure computers are updated regularly particularly the operating system and key applications with security updates. It may be possible to sign up for automatic updates for the operating system and many applications.
• Consider installing spyware detection programs.
• Recommend clearing the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser’s preferences menu.

Online Best Practices (including but not limited to):

• Train staff with access to online accounts on best practices to be used online.
• Create a strong password with at least 10 characters that include a combination of mixed case letters, numbers and special characters and change that password regularly.
• Prohibit the use of “shared” user names and passwords for online banking systems.
• Use a different password for each website that is accessed.
• Never share username and password information for Online Services with third-party providers.
• Verify use of a secure session (https not http) in the browser for all online banking.
• Avoid using an automatic login features that save usernames and passwords for online banking.
• Never leave a computer unattended while using any online banking or investing service.
• Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving you vulnerable to possible fraud.

Title Agents lose millions due to Cyber Attacks: Protect Your Agency

support@rynoh.com (Stephanie Davis) — Thu, 05 Aug 2010 14:32:53 EST

In the past few months title agents have had hundreds of thousands of dollars illegally wired from their escrow accounts due to a not so new form of cyber crime-Botnet. There are many forms of Botnet.

Commercial banking is a target too large for criminals to ignore, and they are stealing hundreds of millions of dollars in schemes that attack online banking computers. The title agent is a prime target. It is a pervasive problem that is proliferating. A Botnet is a malicious software (malware) that can steal information, and among other things be used to wire funds from your escrow account! The primary culprit for the title agent is the ZeuS Botnet. The ZeuS Botnet is commercially available over the internet and may be “purchased” for as little as $3,000.00. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC. For the title agent, the hacker uses ZeuS to steal financial credentials and initiate fraudulent transactions primarily in the agent’s online banking portal. The hacker also can access automated clearing house (ACH) networks and payroll systems. Zeus is a very sophisticated Botnet variant. that spreads by concealing itself in many formats (email, drive-by downloads and open Internet Browsers). ZeuS and other Botnet variants have taken over hundreds of thousands of desktops and sometimes servers. Your typical spyware and antivirus programs will not necessary protect you. More often than not the Botnet remains undetected. Once the ZeuS Botnet has infected your computer, it sends instructions to the criminal(s) waiting to access your account using the collected credentials. Cyber-criminals masquerade as the agent to execute wire transfers to on/off-shore banks. Even the use of an RSA* token will not prevent a successful Cyber attack! (*An RSA token is a random number generator that is used to reduce wire fraud). Once the money has moved offshore the likelihood of recovery is nil.

I have spoken with agents that have recently lost money from their escrow accounts due to the ZeuS Botnet. There has been one common factor for each of the agents experiencing the fraudulent wire. They did not use dual controls and best practices for initiating wire transfers. This problem is especially prevalent in small agencies. I have surveyed small agents at recent NS3, ALTA and VLTA meetings. A very large percentage of them only use single wire controls because: a) They would never steal from their escrow account! or b) It is a “real imposition” for them to use dual controls. They really do not fully appreciate the magnitude of the problem. It is really a bigger imposition to lose $200,000 or more. They must at a minimum adopt the best practices (Best Practices) in order to “harden” their on-line banking process. There are also other products that are available today to combat the Zeus Botnet and other malware (IronKey). Traditional anti-virus products do not afford foolproof protection!

RECENT INCIDENTS

In April a Missouri Agent lost $400,000. A post mortem with the company disclosed that they were only using a single individual for the online bank wiring process. Had it not been for RynohLive, their Escrow account would have been drained. They lost $400,000. RynohLive was only able to alert the agent after the fact. A wire transfer is instantaneous. For the Missouri Agent, they were able to notify the bank before the Zeus Botnet came back the next day to further drain the account. RynohLive’s alert prevented a subsequent loss in excess of $800,000

From speaking at length with a Virginia agent after a very recent $200,000K loss, what was most telling was that the agent was using an RSA token! The ZeuS Botnet still got into their online banking system and sent the money. But then again that is what it does. When I had asked if they were using dual controls, the response was in the affirmative. It was their understanding that the token was the ”second or dual control” in the process, and that that they were protected! Sadly that was not the case. Dual control is two separate individuals from separate computers. What really was required was that second individual with another token and computer, and while that is significantly more secure it is by no means entirely fool proof. That distinction should have been explained to him by his banker. Additionally, the agent was “locked” out of their account during the several days that the cyber attack was occurring! DON’T JOIN THE GROWING LIST OF VICTIMS

Richard M. Reass
President
RynohLive