Does Cyber Insurance Cover Payment Fraud?

There are many risks associated with cyber crime. One of the most simple yet effective ways for scammers to steal your money is payment fraud. But will your cyber insurance cover you?

No. Cyber insurance does not cover payment fraud, even if that fraud was committed online. This is because fraud is considered an act of theft, and not specifically cyber crime.

There are a specific set of criteria that define cyber crime. Fraud in particular is one of those grey areas where many people think they have coverage, but in fact they may not.

In this article, we’ll cover the following questions:

• What is covered by cyber crime insurance?
• Does cyber crime include fraud?
• Will my cyber insurance compensate me for payment fraud?

There are a defined set of circumstances which constitute payment fraud, so let’s take a look at what it means exactly.

What is payment fraud?

In insurance terminology, and specifically relating to cyber insurance, payment fraud may also be known as “payment instruction fraud,” “social engineering fraud” or “payment impersonation fraud.”

It’s a certain kind of attack in which scammers use official-seeming email communications to trick company employees to transfer company funds to the criminals’ account. The employees give the payment freely and willingly, but do so under false pretences.

Its real life equivalent would be if someone disguised themselves as you, or forged your signature, in order to persuade your employees to give them money.

These attacks can be fairly rudimentary – spelling mistakes, strange email addresses and no usage of first names can be a dead giveaway. Or, they can be highly sophisticated, and appear as if they’ve really come from a trusted source.

But, they work. It can be embarrassing for your staff to admit that they’ve fallen victim to such a scam, so it’s important to foster a culture of non-blame in your workplace. When staff know they can come to you immediately when a scam is detected, the faster you can get it solved.

Payment fraud and cyber insurance

This kind of scam can be particularly lucrative for criminals. Your business could be heavily hit all at once, or multiple smaller payments may occur. It could be some time before the alarm is raised, leading to a large loss for the company.

Many victims expect that their cyber liability insurance will cover their loss. Unfortunately, this is not the case. It all has to do with the legal definition of “payment fraud”.

This is because these crimes rarely involve the kind of cyber security breach required to trigger cyber insurance coverage. All that happened was that the criminal tricked you or your employees into wiring them money. As no passwords were hacked, no security was breached and no virus released, it is considered plain theft – and not a cyber crime.

Even if the incident involved computers and emails, it is still not a cyber crime. Preventing this kind of crime is more about accounting security (making sure your money is safe) rather than IT security. The problem is that many crime policies have exclusions precluding coverage for “voluntary parting with funds,” which is exactly what happens when you’re hit with these kinds of scams.

Protecting your business

In order to prevent payment fraud, you need to take some preventative steps. Number one is to train your staff – and yourself – to better spot fake emails, and to make it harder for fraudsters to make those emails look legitimate.

Criminals will use information easily gleaned from social media and other sources to make fake emails look credible. Sophisticated emails are likely to include details that make the request believable.

Make sure your employees do not share excessive information on their work habits or workplace on social media. In addition, their passwords need to be strong, not only for work accounts but elsewhere criminals might want to look.

And of course, introduce strong financial controls to further lessen the chances of this happening. Use simple, repeatable processes – automated if you can – which reduce the need for personal interaction with company finances. Use dual-factor authentication everywhere you can, and only give the authority to manage payments to one or two people you trust.

If you have any concerns regarding cyber security, call and talk to our cyber insurance experts today. We are available Monday to Friday 9am – 5pm. We can guide you through how best to protect your business from cyber crimes. We look forward to working with you.