One of the most common forms of fraud is business email compromise (BEC). The FBI’s Internet Crime Complaint Center (IC3) found that from 2016 to 2021, losses from BEC increased by 566%, and in 2021, the total financial loss from BEC amounted to $2.4 billion.
In a recent ALTA survey, 46% of respondents said that their employees receive at least one email a month attempting to change wire or payoff instructions. Common fraud techniques can fool even the most careful employees (as well as homebuyers and sellers) into unwittingly sharing sensitive information with bad actors.
As a means to combat this trend, many organizations are rethinking their approach to security in the new technology landscape. For example, in the title industry, ALTA recently announced major revisions to their Title Insurance and Settlement Company Best Practices, which go into effect on May 23, 2023. One of the upcoming revisions includes changes to ALTA Best Practices Pillar 3. This pillar addresses privacy and information security to protect non-public personal information (NPI). In particular, these changes will require greater physical protection of NPI, additional safeguards for cloud-based data, and robust plans for business continuity and disaster recovery in the event of a security incident.
Prioritizing secure communication can help real estate professionals and consumers safeguard sensitive information. This post shares how all transaction parties can leverage a single portal to mitigate security risks and comply with the latest security standards and best practices.
Security benefits of operating in a single communication portal
Email communication has been a staple in the real estate industry for years. However, many businesses are switching to a single communication portal to mitigate some of the common risks associated with email. The following are some of the top benefits of using a single communication portal to prevent fraud.
1. One place for all closing parties to communicate
One way that bad actors attempt to gain access to sensitive information is by sending out communications (often in the form of emails) to different transaction parties posing as someone they aren’t in order to defraud their target. In this scenario, bad actors take advantage of the often-confusing ways transaction parties communicate with each other during closings. For example, a homebuyer might get an email from a bad actor posing as a title agent requesting wiring information. The homebuyer—eager to buy their home—may send this sensitive information to the bad actor, thinking it’s their title & escrow company.
By consolidating all communication onto one portal, transaction parties only receive updates and information requests from one validated location—instead of from various email accounts or other point solutions. As an added benefit, this operational setup also helps simplify communication during transactions because the various transaction parties don’t have to check multiple communication channels for notifications.
2. Reduced risk of interception in transit
Another benefit of communicating in a single portal is the reduced risk that communications are intercepted in transit. When communicating via email, users’ emails are sometimes encrypted over the wire, but only if both the sender and recipient are using technology that supports it. When communicating with new contacts, which often happens during real estate transactions, it’s impossible to tell if someone is using technology that supports encryption. This can put communication at risk of interception, which can expose sensitive data. On the other hand, a secure portal will use strong encryption for all communications.
3. Fewer access points for bad actors to infiltrate
Using too many disjointed tools and point solutions can give bad actors additional opportunities to access sensitive information. Having all communication on one secure portal reduces the number of access points for bad actors to attempt to hack. At FORES22, Chris Hendricks, Head of Incident Response at Coalition, explained that some technology vendors prioritize security better than others. If a business uses an excess of tools, it may mean that one (or more) of its technology vendors’ security practices aren’t up to par. Hendricks recommended that businesses practice vendor due diligence to identify trustworthy vendors that prioritize security at each step of the transaction.
4. Stronger login protections to prevent unauthorized access
Businesses should seek single portals that offer robust security features. These features can prevent unauthorized users from entering communication systems and accessing data. If unauthorized users do enter the system, these features can also restrict them from accessing the entire system and causing additional damage. Some of the security tools and features in Qualia include:
- Two-factor authentication (2FA): 2FA adds an additional layer of security by making it harder for bad actors to access a device or account. When 2FA is enabled in a communication portal like Qualia Connect, all parties in the transaction must submit two forms of authentication to gain access to the portal. These authentication factors can come from SMS text messages or an authenticator application, like Google Authenticator, Twilio Authy, or Duo. With 2FA, users can have greater confidence that the communications they receive are legitimate.
- Logging: With logging, administrators can review a list of logins, when they occurred, and their approximate physical locations. By tracking logins, administrators can review and ensure no unauthorized access has occurred, or escalate issues if something looks suspicious.
- Login alerting: If a login occurs from an uncommon location, the system will send the user an alert to notify them. If the login is unauthorized, the user can flag the login and quickly respond.
- Role-based access control (RBAC): Limiting user permissions based on job function can help prevent unauthorized access to sensitive information. These permissions are known as role-based access control (RBAC). This security feature means that even if a bad actor gains access to a system, they’ll only have access to a limited amount of information (based on the compromised user’s permissions). For example, if a bad actor hacks into one user’s account, they’ll likely only be able to view a limited set of files, rather than the entire system. In Qualia, users can use RBAC to create and assign roles to ensure that each user has only the permissions necessary to complete their job function.
The impact of fraud prevention strategies
As real estate wire fraud continues to rise, the industry is sounding the alarm and inspiring greater fraud awareness. Many businesses are implementing fraud prevention strategies, such as educating consumers, adopting secure technology, training staff on best practices, and creating detailed plans for what to do in the event of a security incident.
So far, these efforts seem to have helped reduce the long-term impact of fraud. According to the same ALTA survey mentioned earlier, 94% reported some amount of recovery of diverted funds in 2021. This finding is a dramatic improvement from the previous survey conducted in 2020, where only 22% of respondents recovered diverted funds. However, while the industry has successfully improved the odds of recovering funds, there is still work to be done to stop fraud from happening in the first place. Better safeguarding sensitive information during transactions—such as by moving communication to a single portal—can help consumers and real estate professionals minimize fraud.
Learn more about how Qualia Connect improves communication and enables a simple, secure, enjoyable homebuying experience by requesting a demo below.