What’s Happening in the World of Impersonation Fraud
So, as expected, losses involving impersonation fraud continue to occur unabated. Unfortunately, fraudsters are also finding other ways of removing your money from your bank accounts but, in some cases, these losses are not covered by current insurance products.
Here are two examples of actual losses which recently occurred.
An employee of the Insured had received an email request from a someone impersonating a legitimate supplier advising that their banking details had changed and providing the new details.
The employee duly amended the supplier’s banking details on their payment platform but did not perform any form of verification that the instruction was actually from the supplier.
After the employee completed her reconciliation of the Suppliers account, she loaded two payments onto the online banking platform totalling some R400 000 and the payments were authorised and released as per their usual payment protocols.
When the supplier queried outstanding funds, the employee confirmed that payment had been made to the new bank account as instructed. The supplier then confirmed that, whilst the instruction appeared to have originated from their offices, the banking details had never been changed and thus the R400 000 was still due.
The Insured confirmed that they had no official policy regarding the verification of payment instructions and that no verification had been performed.
The impersonation fraud Extension of the Insured’s commercial crime policy was triggered by this loss but, because no verification was performed, the Insured received a payment of 25% of their loss from Insurers (R100 000) and thus incurred a net loss of R300 000.
The Insured reported that some R500 000 had been transferred out of their business account but were unable to ascertain how this had happened.
The insured confirmed that they had the usual controls surrounding EFT payments, such as various signatories authorizing and releasing payments using specific passwords, backed up by “one-time passwords” provided by electronic “dongles”. They were therefore unable to explain how the EFT’s in question had been completed.
The bank in question undertook to investigate how the loss had occurred but, some months later, have yet to provide any form of explanation.
The insured have submitted a claim under the impersonation fraud extension of their commercial crime policy but, at this stage, there is no evidence of any instruction, legitimate or fraudulent, surrounding these transactions.
Without further information, the loss amounts to an unexplained loss of funds from the Insured’s bank account and, at this stage, the impersonation fraud cover will not respond.
We now await further information from the bank in question before a final decision may be made.