According to MortageLoan.com, home equity lending is on the rise, with nearly 800,000 new HELOCs originating in the 12 months ending June 2014. That’s the highest number since 2009.* Coincidentally, there has also been a noticeable increase in fraudulent activity regarding home equity lines of credit.
HELOCs-easy targets for fraudulent activity
Committing a HELOC-related crime is relatively easy and lucrative for criminals. First, since HELOCs are associated with recorded mortgages, they are a matter of public record. Second, with these forms of credit mostly used for large expenses, such as college or home improvements, it’s common for the fraudulent transfer to be a large dollar amount. Third, as HELOCs are not used on a regular basis, bank customers do not monitor them as closely as accounts that are used on a daily basis.
Thieves use these factors to their advantage. With the availability of public records and/or social media, they begin by committing identity theft, using the information that they obtain to either create or access a consumer line of credit. Depending on the circumstance, they attempt to steal funds from these accounts by using counterfeit checks or fraudulent wire transfers.
Like other accounts that tend to carry large balances and generate funds transfers, your bank should have adequate security procedures in place for HELOC accounts:
- Establish a security procedure with your customer to verify the authenticity of HELOC draws when the draw is not made in person at the bank. Callbacks are valuable, but they are not necessarily reliable on their own. In past crimes, the thieves were able to change customer contact information or forward calls made to the customer’s home phone number. Online credentials can be compromised by malware, which allows thieves to transfer funds drawn on a HELOC. More banks are implementing alternative authentification processes to notify customers of pending transactions, such as text messages, email alerts to a predetermined address or through an authorized cellphone app offered by the bank. The benefits of these alternatives are that (1) an affirmative reply from the customer is required for a transaction to proceed, and (2) the method to validate the transfer instruction is a different form of communication than that from which the original instruction was received.
- In addition to standard verification steps taken for transfers (i.e., verifying numbers, addresses, other personal security information, etc.), have employees obtain a driver’s license number, or ask the customer to detail the most recent transactions made on their account, or provide the last four digits of their ATM/Debit Card. Some banks take this even further by requiring the account holder to appear in person for high dollar amount transfers.
- It is prudent to pull and verify signature cards; however, it is worthy to note that in some fraud cases, wire requests
- were received by fax with forged signatures which were accurately forged from HELOC documents the fraudsters discovered online. Signature verification alone is not an adequate tool to combat fraud.
- Please remind your customers to be vigilant about reviewing their accounts and bank statements, and suggest that they periodically check their credit reports with reliable credit bureaus. Case in point: upon receiving a bank statement in the mail, a customer noticed that a second name was on the account. It was not one she recognized. In its investigation, the bank discovered that fraudsters changed her husband’s name on the account. Also, caution customers (and employees) to be careful of personal information that they post about themselves or others, even inadvertently, on their social media accounts. Scammers are constantly scouring these sites for possible answers to security questions in order to break into or set up fraudulent accounts.
As a general best practice, it is critical that all bank employees follow security and verification procedures in every instance. Implementing standard procedures is a best practice, and they should be followed for all transfer activity or requests in an effort to prevent or mitigate fraud. Naturally, required verification procedures should correspond to the associated risk of the request. A $250,000 transfer request or check should be scrutinized more closely than a $250 transfer request. An email or phone request should be reviewed in more detail than an in-person request.
Many well-documented stories of large losses involved out-of-pattern requests. Encourage front line employees, especially those in call centers, to put transaction requests through a common sense test before executing:
- Is the caller hesitating in answering identity confirmation questions?
- Does the request seem out-of-pattern with the customer’s account behavior?
- For example, has the customer ever requested a wire transfer or is this the first time? Does the customer have a habit of using checks associated with his/her line of credit or does he/she use a debit/credit card?
- When was a check last written against the account? Has there been a time lapse between the current request and the most recent activity?
- Is the dollar amount in question unusually high compared to prior activities?
- Is it an international transfer or check request?
If the answer is “yes” to any of the above, the request should be elevated for higher-level review, especially one involving an international transfer. Once an international transfer is made, it is nearly impossible to recall those funds once the fraud is discovered.
As a side note, consider all transfer requests on accounts of elderly customers as high risk, as they are more prone to fall victim to fraud.
As criminals become more creative in how they target your customers, it becomes increasingly important for your staff and customers to follow best practices in protecting sensitive information and accounts.
* www.mortgageloan.com, “HELOC Lending Coming Back Into Favor” by Karen Johnson, October 10, 2014