Cyber criminals are targeting businesses via a type of electronic fraud called corporate account takeover. It starts when a hacker breaches a business through its computer system and generates a fraudulent ACH/EFT transfer. Although corporate account takeover is the #1 cyber threat facing businesses – few have a policy to cover potential losses. A typical commercial cyber policy covers only damages for which a company is liable – not funds stolen via online banking fraud.
Here’s the scenario: Your bank’s business customer, a hardware store, gets hacked and the crook sends a fraudulent ACH transfer request to the bank. From all indications, it appears to be coming from the store owner. The bank follows its security protocol and the money is sent. Because the bank followed the agreed upon security procedure, they aren’t liable and their insurance won’t cover the loss. The bank now faces an unhappy customer and potential reputational risk, even though they aren’t technically at fault.
This situation happens far too often and leaves the bank with a difficult decision. Does it reimburse the loss to keep the customer or do they let an unhappy customer go to a competitor and/or share their experience at the next Chamber of Commerce meeting? Again, even though the bank isn’t at fault, the perception is that cyber security and protecting customer funds is always the bank’s responsibility.
You can help protect against EFT fraud by understanding these FAQs:
#1: Why isn’t this covered under my bank’s Financial Institution Bond? I thought it covered fraud.
Fact: The FI Bond covers claims in which the bank is held liable due to failure to follow agreed upon security measures. In the event a commercial customer incurs a cyber-breach resulting in an account takeover and loss of funds, your bank is at risk of having an unhappy and possibly lost customer.
#2: Shouldn’t commercial customers already have this coverage?
Fact: Insurance professionals agree that businesses should carry both liability and reimbursement insurance to protect themselves from the ever-growing list of cyber-related exposures. Unfortunately, many don’t really understand the risks.
#3: What can I do to educate and protect business customers from EFT fraud?
Fact: In today’s competitive environment, doing everything you can to protect your customers’ best interests will set your bank apart from the crowd. EFT Guard Coverage was designed with that in mind. You can cover your commercial customers against losses resulting from wire transfer/ACH losses up to $100,000. Your customer will also have access to a web portal of tools they can use to assess and manage their online vulnerabilities.
To learn more about EFT Guard, visit AmTrust Financial Institutions Insurance