August 10, 2021
As part of our Problem solved series, Habitat interviewed Meghan hallinan, Senior Vice-President, Commercial Private Banking at BankUnited.
All of our digital devices make us ripe for fraud or hacking, whether it’s outright theft or theft of personal information on our servers. From a banker’s perspective, what are the different ways that digital fraud occurs?
Compromising emails is probably one of the biggest fraud schemes we are seeing today. There are several different ways for a scammer to break into an organization, but I would say compromising work email, compromising tech support, ransomware data breach, and phishing are probably the most common ways.
What can a bank do to minimize the risk so that my account is not compromised?
There are several products that prevent financial transactions from leaving the bank. We have positive compensation for fraud by check or that is converted to automated clearing house or wire transfers. We have ACH debit blockers to protect accounts. We also have levels of security when sending ACH or Telegraph payments so that there are multiple levels of approval. Our fraud team is also constantly monitoring every business account and personal account for activities, so if anything abnormal appears, we will report it and call the customer and make sure it is. a valid transaction. In addition, we have the back-end monitoring and we also teach our customers the recall procedures. We make sure we can get ahead of anything that looks fishy, or we can reach out to the customer to verify an important transaction before it leaves the bank. We have also caught a lot of fraud this way.
You mentioned a fraud team. Do you have a group of people? Is that their job?
We have a great team, and that’s all they do. They will also work with our clients in the event of fraud to ensure that all of their computers are free of malware and that they have the appropriate protocols in place to prevent fraud in their organization.
(Do you like what you read? To get Habitat newsletters sent to your inbox for free, click here.)
What kind of protocols should boards expect with their management companies, or maybe even their own board colleagues?
Obviously, no one should send sensitive financial banking information via email unless it is secure. We always teach our customers and our board members that if you are wiring to a new location, be sure to pick up the phone and verify these instructions over the phone with the person whose number is registered. That way you don’t end up in something where an email has come in and asks you to wire funds, and you assume you’re talking to a provider you’ve been working with for a long time, and you send the funds without doing a reminder. Because everything is accessible online, we teach our clients that this is the first line of defense.
Not sure if funds are transferred to the co-op / condo community, but they are paid through ACH by the management company and even the boards of directors. How is it monitored?
The right protocols must be in place. Whether it’s payroll or vendor payment, boards need to ensure that there is a process for sending payments and new payment destinations to ensure they are accurate. Boards want to make sure they’re talking to their management company about their protocol for sending electronic payments, and they want to make sure they’re involved. A lot of board members are really involved in their reserve accounts, and they will end up running that account and sending money from their reserve account to a new reserve, or maybe to the operating account. So it is always very important to make sure that you have verified this information over the phone. Again, we can set up templates so that if you have a destination that has been verified and you consistently wire to that destination, it’s an approved template that no one can touch, so they can’t can’t change the information, then send a cable to the wrong place.
Boards of directors have a ton of sensitive information about their shareholders and their property management company. What should we take away from boards of directors given the fear of fraud and hacking?
I think boards really need to understand where their information is stored and how it is protected. Everyone should make sure they have a computer fraud insurance policy because it is on the increase. Additionally, have email protocols and make sure everyone is familiar with them. Are staff trained not to click on phishing links and enter their systems? Are the board members also in the know? Do they have a secure way to communicate financial transactions between themselves and the bank, or between them and property management companies? You just have to review everything and put everything in place to try to avoid the worst case scenario.