Information Security and Wire Transfer Fraud are critical topics for the land title insurance and settlement industry. Wire Transfer Fraud is a threat to every title operation regardless of size, location or years in business. ALTA’s priority is helping you protect your systems, plan for a rapid response in case of an incident, and prepare your employees, clients and customers to be aware and vigilant.

The ALTA Board has identified information security and wire transfer fraud as a Strategic Priority and staff are working to educate members on security threats to their businesses in both cyber and physical environments, collaborate with coalition partners to raise consumer awareness about information security and wire transfer fraud, and promote best practices for protecting personal funds and information and seek policy change that will protect consumers.

Do You . . .

• work in the land title insurance industry?
• use a computer, tablet or smartphone?
• talk and email with vendors, clients, customers and consumers?

ALTA Helps You

• understand the legal and regulatory requirements for your operation. Jump to Federal and State requirements.
• be aware of the latest threats and schemes. Jump to the latest news about information security and wire transfer fraud.
• protect your information technology systems. Jump to resources.
• prepare your people to be aware and vigilant. Jump to employee awareness, recorded webinars, or the ALTA Outgoing Wire Preparation Checklist.
• respond rapidly in case of an incident. Jump to the Rapid Response Plan for Wire Fraud Incidents.

Tools You Can Use

Get The Facts

• FBI Public Service Announcement (I-050417-PSA). 10-minute read. The PSA, dated May 2017, describes Business Email Compromise (BEC) and Email Account Compromise (EAC) schemes and how they lead to wire fraud.

• 2017 Internet Crime Report. Published by the FBI's Internet Crimes Complaint Center (IC3). Take 30 minutes to read this report and discover the trends in cyber crime, which impact more than 200,000 victims every year and result in losses topping $1 billion.

Establish and Maintain Operational Readiness

• NEW ITEM: ALTA Outgoing Wire Preparation Checklist: Use this checklist as a best practice for verifying outgoing wire information.
• ALTA Rapid Response Plan for Wire Fraud Incidents: The standard ALTA Rapid Response Plan for Wire Fraud Incidents has been developed by the ALTA Information Security Committee. Download and customize:
• ALTA Rapid Response Plan for Wire Fraud Incidents
• Rapid Response Worksheet - available in Excel Format or PDF
• ALTA Best Practices. The third pillar of ALTA’s “Title Insurance and Settlement Company Best Practices” provides procedures that should be taken to protect non-public personal information (NPI).
• Federal Requirements. Gramm-Leach-Bliley Act (GLB): This regulation requires financial institutions—companies that offer consumers financial products or services like loans, financial or investment advice, or insurance—to explain their information-sharing practices to their customers and to safeguard sensitive data. These companies include title and settlement companies, as well as law firms.
• State Requirements. Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches of information involving personally identifiable information.

Promote Employee Awareness and Preparation

Title and settlement professionals are on the front line in the battle against wire transfer fraud. Use these tools to help prepare your employees:

• Monitor and Improve Employee Skills and Awareness.
  Consider a phishing security test for all of your employees. These companies can help:
• Security Planner: https://securityplanner.org
• PhishMe: https://phishme.com/free
• KnowBe4: https://www.knowbe4.com/resources
• Webinars to Watch:

• Data Security Essentials: Strategies to Protect Non-public Personal Information (Download copy of presentation)
• Fortify Your Business: Lock Down Data and Protect Client Funds (Download copy of presentation)
• Safeguarding Escrow Trust Accounts
• Best Practices: Protecting Non-public Personal Information (Download copy of presentation)
• Fraud and Your Escrow/Trust Accounts (Download copy of presentation)
• ALTA Meetings Focus on Information Security:
• ALTA Innovation Boot Camps for 2019 in Raleigh (April) and Chicago (August). Sessions cover cyber fraud, cyber insurance, data privacy laws and regulations, effective training for staff, Realtors, and consumers. Also - meet vendors with solutions!

Be a Leader for Clients & Consumers

ALTA has developed tools to help you educate consumers about the dangers of wire fraud.

• ALTA Wire Fraud Video: This 2-minute video provides four tips on how consumers can protect their money and offers advice on what to do if they have been targeted by a scam. Link to this video from your website, include in your email or share on social media.
• ALTA Wire Fraud Infographic: ALTA has produced this Rack Card explaining Wire Fraud. ALTA Members can brand the infographic with their own information at the ALTAprints website.
• ALTA Wire Fraud PowerPoint for Consumer Education: (Member-only content) Use this presentation to educate consumers about the dangers of phishing emails and wire transfer fraud. The presentation provides information on what to do if you’ve fallen victim to a scam and also highlights 10 tips to prevent wire fraud.

Information Security Articles

Recent 2019 2018 2017 2016 2015 2014

 Congress Passes Cybersecurity Legislation

The U.S. House of Representatives unanimously passed S. 2519, the National Cybersecurity Protection Act of 2014, which the Senate passed earlier this week.

 2015 Data Breach Forecast: Employees will be Biggest Threat

In its 2015 Second Annual Data Breach Industry Forecast, Experian predicted that companies’ biggest threat for cyber attacks will continue to come from employees, but will receive the least attention.

 Email Scam Gets You Free Malware, Not Free Pizza

An email going around says you can join in celebrating Pizza Hutt’s 55th anniversary by getting a free pizza at any of its restaurants. Just click on the “Get Free Pizza Coupon” button, the email encourages. Don’t do it. There’s no free pizza. Clicking on the coupon will just install malware on your computer, according to the Federal Trade Commission.

 FFIEC Conducts Cybersecurity Assessment of Financial Institutions

Rapidly evolving cybersecurity risks reinforce the need for all institutions and their critical technology service providers to have appropriate methods for obtaining, monitoring, sharing and responding to threat and vulnerability information, the Federal Financial Institutions Examination Council (FFIEC) reported in a cybersercurity assessment.

 Report: Identity Fraud Rises 9 Percent

While Interthinx reported that mortgage fraud remained unchanged from the previous quarter, instances of identity fraud increased 9 percent during the second quarter of 2014. The increase in this type of activity is important to title and settlement agents as lenders will often try to hold them liable for not detecting the fraud at the closing table.

 Top Cyber Threats and 10 Security Tips for Title Professionals

Social engineering, spearfishing, whaling and microphishing are some of the most common cyber threats today. Would your employees know if they received a spoofed email from one of your lender clients? Is your system protected against unauthorized access to confidential data? Title professionals must be vigilant with their cyber security by talking with their network security staff and legal team, to update software regularly, strengthen password integrity and comply with regulations.

 Strong Passwords: The First Line of Defense

It’s crucial to pick strong passwords that are different for each of your important accounts and it is good practice to update your passwords regularly. Read on for general recommendations on creating a strong and complex password.

 Email Encryption: Locking Down Data a Business Necessity

With regulatory requirements and cyber threats pushing title professionals to protect non-public personal information included in email, finding an easy-to-use solution is key to successful deployment. Read on for information on why email encryption is important, how it works and how to select the right option for your business needs.

 Federal Agency Launches Cybersecurity Web Page, Promotes Awareness of Cybersecurity Activities

The Federal Financial Institutions Examination Council's web page will serve as a central repository for current and future FFIEC-related materials on cybersecurity.

 FCC Net Neutrality Rules Could Create Fast, Slow Internet Lanes

While proposed net neutrality rules proposed by the Federal Communications Commission are meant to prevent Internet providers from knowingly slowing data, they would allow content providers to pay for a guaranteed fast lane of service. Some opponents of the plan argue that allowing some content to be sent along a fast lane would essentially create an unlevel playing field.

 Protect Your Escrow Funds: ‘Don’t Use QuickBooks’

Maintaining the integrity of the funding process is among lenders top concerns. In light of recent defalcations, lenders will require evidence that mortgage funds are being properly monitored, reconciled, secured and disbursed. Read on for advice on policies and procedures to protect funds held in escrow.

 Another View: Two Good Ways to Put Your Email at Risk

Last week, ALTA ran an article on email encryption titled “Tips on Sending Encrypted Email: Make It Simple” that said a technology called TLS or Opportunistic TLS makes the integration seamless. Today, we run another point of view that says utilizing TLS or opportunistic TLS could leave your company vulnerable to data breaches.

 Eight Cybersecurity Issues You Should be Concerned About

The cybersecurity programs of US organizations do not rival the persistence, tactical skills and technological prowess of their potential cyber adversaries, according to the 2014 US State of Cybercrime Survey. Read on for a list of eight items that companies should consider when developing a cybersecurity program.

 Tips on Sending Encrypted Email: Make It Simple

When sending encrypted email to protect non-public personal information, not only is it vital to make receiving messages simple for customers, the technology implemented should avoid disrupting staff workflow. Find out why title professionals should consider an auto-encrypt solution that eliminates the potential of an employee forgetting to protect an email with non-public personal information.

 IT Pays to Be Prepared: The Cost of Data Breaches

Title and settlement companies’ failure to properly guard non-public personal information may carry a hefty price tag regardless of whether an actual injury results from the breach. Now is the time to implement data security measures that will protect your company and your customers in the future.

 10 Cybersecurity Tips for Title Companies

The Internet and information technology are powerful tools in helping title companies reach new customers, and increase productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers and their data from growing cybersecurity threats. Read on for tips from the Federal Communications Commission on how to protect your company.

 Know What’s Considered Non-public Personal Information and Where It’s Located in Your Company

To be able to comply with this pillar of best practices, it’s important to understand what constitutes non-public personal information and where it can be found in a company, including how information is collected, acquired, stored, transmitted and disposed.

 User Names, Passwords Top Hacker Targets, Report Concludes

The use of stolen and/or misused credentials—such as user name/passwords—continues to be the top way for hackers to gain access to information, according to the 2014 Verizon Data Breach Investigations Report. The report also identified nine main threat patterns.

 Thieves Steal Earnest Money Through Email Fraud Scheme

Title agents should be aware of a new email fraud scheme where hackers are targeting consumers and stealing earnest money for upcoming transactions. Read on to learn how the scam is perpetrated.

 SEC Issues Cybersecurity Risk Alert

The alert outlines areas the SEC will assess in an upcoming examination of more than 50 registered investment advisers and broker-dealers.

 How to Shop for Cyber Insurance

Cyber insurance can be an extremely valuable asset in an organization’s strategy to address and mitigate cyber security, data privacy and other risks. However, selecting and negotiating the right insurance product can be a challenge because of the lack of standard language and issues with "off-the-shelf" policies. Read on for tips from Roberta Anderson, a member of K&L Gates’ firm’s global insurance coverage and cyber law and cybersecurity practice groups.

 Chase Plans Enhanced Cybersecurity Efforts

The nation’s largest financial institution expects to spend more than $250 million this year on cyberdefense, with 1,000 employees assigned to the task, Chairman and CEO Jamie Dimon wrote in a letter to shareholders. Chase also plans to build three cybersecurity operations centers at its regional headquarters.

 Title Company Finds Effective Email Encryption Solution

Email encryption is used to ensure that only the intended recipient is able to access the email and any attachments. Traditionally, deploying email encryption services has been complex and cumbersome. Read on to learn how Wisconsin Title Closing & Credit Services stumbled upon a solution that's worked rather seamlessly and helps the title company protect non-public personal information.

 Heartbleed Bug Exposes Internet Data

Earlier this week, a major new security vulnerability called Heartbleed was discovered that has exposed millions of passwords, credit card numbers and other non-public personal information to potential theft by computer hackers.

 Malicious Attack on Loan Origination Software Provider Stalls Closings

A malicious attack earlier this week on Ellie Mae’s loan origination software Encompass caused many closings to be delayed, forcing lenders to pay for rate lock extensions

 4 Employee Training Tips to Ensure Compliance With Company Security Program

Once a company has developed, formalized and implemented Best Practice policies and procedures, it’s important to effectively manage and train employees to ensure compliance.

 Escrow Accounts Vulnerable to Hidden Virus in Photos

A newly discovered version of a well-known computer virus disguises a configuration code in a digital photo that can steal online account information. An escrow account could be drained without a bank even knowing because the customer was properly authenticated into the system.

 Fraudulent Reinstatement of a Dissolved, Closed or 'Dead' Business

According to the Better Business Bureau, identity theft affects more than nine million people and costs more than $56 billion to the economy every year. Identity thieves also can take advantage of companies that are dissolved or no longer in business.

 Protecting Data: ‘Compliance Is a Journey’

A panel of industry experts showed attendees at ALTA’s 2014 Business Strategies Conference how easily criminals can access non-public personal information by sharing a “live-hacking” session during a general session on March 14. Read on to learn why title professionals must constantly be vigilant in protecting data.

 Tips to Prevent Mobile Cybercrime

With the recent uptick of in-store data-breaches, it's important to also remember the vulnerabilities associated with mobile devices and social media platforms. Read on for four simple tips from Agility Recovery on how to protect data.

 Wireless Routers Vulnerable to Virus Attacks

Updating computer anti-virus software is a familiar concept for most, but recent reports highlight that some home and small-office wireless routers may be vulnerable to attacks.

 Protect Your Company Against Fraudulent Change of Business Registration Information

For the cost of a filing or processing fee, thieves may attempt to file a fraudulent change of your business address, or file changes to your business’s officers, directors or registered agent. Read on to learn why this could be a danger and how companies can protect themselves.

 White House Launches Cybersecurity Plan

The framework can be used to complement any information security program policies ALTA members may have in place or need to implement.

 Bill to Prevent Cyber Attacks Approved by House Committee

The House Homeland Security Committee on Feb. 5unanimously passed HR 3696, the “National Cybersecurity and Critical Infrastructure Protection Act of 2013.” The third pillar of ALTA’s "Title Insurance and Settlement Company Best Practices” addresses network security to protect non-public personal information, management and training of employees to ensure compliance with a company’s information security program, as well as notification of security breaches to customers and law enforcement.

 FHA to Accept More Documents with E-signatures

The new policy allows e-signatures on origination, servicing and loss mitigation documents, as well as FHA insurance claims, REO sales contracts and related addenda. Initially, e-signatures will not be accepted on the mortgage note, but the FHA plans to begin accepting e-signatures on forward mortgage notes at the end of the year.

 Escrow Company Sues Bank to Recover $1.1M Lost in Cybercrime

The receiver for a California-based settlement company is suing the firm’s former bank to recover more than $1.1 million in escrow funds that were fraudulently transferred to China.

 Homeland Security Subcommittee Passes Cyber Attack Bill

On Jan. 15, the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies approved the National Cyber Security and Critical Infrastructure Protection Act of 2013. The third pillar of ALTA’s “Title Insurance and Settlement Company Best Practices" addresses network security to protect non-public personal information, management and training of employees to ensure compliance with a company’s information security program, as well as notification of security breaches to customers and law enforcement

 Cyber Insurance Can Limit Agent Losses Caused By Online Attacks

The risks title companies can be exposed to in this Internet era are limited only by the imagination of the would-be thieves, virus designers and hackers out there. Read on to learn where information could be vulnerable to an online attack.

 Senator Reintroduces Data Security Bill in Wake of Target Breach

In the wake of the massive security breach at Target Corp. that potentially exposed millions of consumers to identity theft, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) is renewing efforts to pass data security legislation. The third pillar of ALTA’s “Title Insurance and Settlement Company Best Practices addresses policies and procedures to protect non-public personal information, including guidance on network security and notification of security breaches to customers and law enforcement.

 Financial Regulators Issue Final Guidance on Social Media

The The Federal Financial Institutions Examination Council's 19-page guidance is intended to help understand potential consumer compliance and legal risks, as well as related risks such as reputation and operational risks, associated with the use of social media, along with expectations for managing those risks.

 Cyber Threats Growing in Frequency, OCC Reports

Cyber threats are growing in sophistication and frequency, and require heightened awareness and appropriate resources to identify and mitigate the associated risks, the Office of Comptroller of the Currency reported in its Semiannual Risk Perspective for Fall 2013. ALTA created its "Title Insurance and Settlement Company Best Practices" to help lending institutions supplement their risk-management programs. Read on for information on how the Best Practices can help companies protect escrow/trust accounts from fraud, procedures to safeguard non-public personal information and actions to follow in case of a security breach.