Impersonation Fraud – It’s a thing!
Be it the “Social Engineering Extension” or “Fake Presidents Clause” these terms appear to be causing much confusion out there.
We prefer to call it “Impersonation Fraud” but, take your pick, they all mean pretty much the same thing.
Essentially, they are all designed to cover the scenario where an employee of the Insured, in good faith, pays money to a fraudster having received a payment instruction from someone impersonating their boss or customer etc.
Traditionally, conventional commercial crime policies did not cover such losses as there was no dishonesty on the part of the employee, and the Insured’s IT systems had not been hacked
A couple of years ago there was a veritable epidemic of these losses and commercial crime insurers were asked to provide a solution, the result being the Clauses/Extensions mentioned above.
So, problem solved right?
Well not exactly – the cover is generally extremely restrictive with the Insured having to bear as much as 75% of the loss if they did not have a “Verification Policy” in place and if no basic Verification process took place before the relevant payment was made.
So, what is “Verification”?
It’s pretty basic, and just common sense really – our wording defines “Verification” as follows:
The genuineness of a person who communicated the fraudulent instruction, verified independently from the person who communicated the fraudulent instruction and confirmed by the Insured through a telephone call back procedure consisting of calling the requestor by using the telephone number of such requestor which is:
- held on file by the Insured, or
- available in the internal phone directory of the Insured or
- verifiable into the public domain;
where such instruction is in the form of an e-mail, by verifying and ensuring that the genuine requestors’ work e-mail address has been used for such instruction, the genuineness of the banking details in question to be verified by the receipt of a letter from the bank in question or a cancelled cheque reflecting the details of the account in question;
such documents to be received prior to making any payments.
If the abovementioned conditions were adhered to then the Insured would generally be paid out 90% of their loss and bear 10% for their own account. (these terms may change from one Insurer to another but, from what we have seen, they are pretty standard).
So, the solution is there, but BEWARE – you will have to play your part too….