Risk Management and Current Claims Developments in the area of Fidelity Guarantee Insurance |
Since AIG does not view itself purely as a risk carrier, but as a partner in the area of company-wide risk management, we would like to inform you about the latest developments and thus provide you with ideas for effective risk management at your company. Fidelity guarantee insurance policies play an increasingly important role in |
© 2016 American International Group, Inc. All rights reserved. |
company-wide risk management as the
risks and obligations of a proper businessperson and the protection of
such risks and obligations gain in relevance. Aside from the original insurance cover for damages caused by persons of trust and the cover in the Computer segment, the 'Damages by third parties' segment represents another key area in the cover concept of fidelity guarantee insurance. In particular, current claims developments indicate a trend of intentional or attempted diversions of established internal payments flows to third parties. This may be effected, for example, with variously worded notifications or other attempts to contact the insured company, advising that the currently agreed bank accounts have changed and that payment transactions must now be processed through a new bank account. The Scheme In this scheme the fraudsters contacted a number of the company’s employees and represented that they were calling from the bank where the company held its bank accounts. The call was made to the employees under the pretense there was unusual activity on the bank account the company held with the bank. During the call, the company’s employees were persuaded to provide their Log-on ID’s for the bank’s online payment system and to reset their memorable information held in the system to a word provided by the fraudster. They also provided to the fraudsters the “challenge” responses required which were generated from the employee’s personal card reader. During the call, the fraudsters spoke to a total of three employees. As the conversation was completed with the first employee, the call was transferred to the next employee. The story created by the fraudster led to the call being transferred without raising suspicion. Each time the call was transferred it was introduced by the employee to the next employee, the fraudster’s story being retold by the employee. The provision of the Log-on ID’s and resetting of the memorable information allowed the fraudsters to reset each employee’s password. Having three employee Log-on ID’s allowed the fraudsters to circumvent the need for dual control on payments. The provision of the “challenge” responses allowed the fraudsters to access locked users and approve the administration changes in the payments systems. The fraudulent call was ended when one employee asked the fraudster for their full name, location and contact number. Unfortunately this was only requested after the above information had been provided. The Impact During the call over 20 payments totaling in excess of USD 4 million were attempted with over USD 2 million being successfully processed. The company that was the victim of the fraud is a small European based subsidiary of a larger European company. Loss Prevention Whilst fraud is an unfortunate fact of business, many frauds only succeed because they rely upon employees not following established internal controls. Fraud can be avoided or reduced by ensuring:
|