FROM FINOPOTAMUS - Faxes Still in Play at FIs, Despite Security Concerns

"It's the epitome of insecurity." - Mike Cutlip, Authoriti CEO

This article was published in Finopotamus, August 20, 2020.

By Roy Urrico

It may surprise many people that facsimile devices, which received their first patent in 1846 and became ubiquitous in the 1980s, are still alive and kicking in many businesses, including financial services, notwithstanding an obvious lack of security.

A surprising number of financial institutions continue to receive large transaction requests via fax, according to New York-based Authoriti, which provides transaction security to financial institutions.

Even the IRS went old tech to help get through the COVID-19 shutdown. With most of its teams working from home — and unable to access mail — the agency requested businesses that typically file paper forms to fax them instead.

A fax sitting on a counter at a workplace, or at a home office during a pandemic, in plain sight, containing PII (personally identifiable information), such as Social Security numbers, does not paint a secure picture. Nevertheless, the most up-to-date FBI Criminal Justice Information Services policy permits using physical fax machines without encrypting the message, but demands encryption for all email and internet communications, as well as cloud-based faxing. As the logic goes, it is much tougher to intercept faxes than unencrypted electronic communications.

In speaking with credit unions and banks about security strategies, Michael Cutlip, the CEO of Authoriti, said the majority of financial institutions still receive faxes — primarily instructing the institution to execute transactions.

Cutlip suggested many credit unions and banks, in order to compete and leery of disenfranchising account holders who “have always done it that way,” opt to continue a comfortable process for those customers. “If they have always sent a fax to request a vendor payment, institutions don’t want to rock the boat.”

Typically, a customer will send a fax to the institution, which reviews it, then calls the client to confirm the payment and amount details contained in the fax. Some financial institutions will send their customer a secret PIN that only the authorized signer on the account should know and can repeat.
