Rockford local designs solution to prevent global cyber theft

Tom Cronkright

Cronkright and partners turn fraud event into an award winning software

By BETH ALTENA

We all know the feeling of just having made a bad mistake. You check out at the grocery store and realize you forget your coupons. You get to the airport in Detroit and realize you didn’t grab your current passport, but your expired one. You pack your diamond tennis bracelet in your checked luggage instead of your carry on luggage and then the airline lost your luggage. You wired $180,000 in a real estate transaction and realized you’d been the victim of cyber fraud.

All those examples are real events that happened, maybe to you, too. Except few of us, hopefully, ever feel the realization that nearly two hundred thousand dollars have been stolen via a bank wire transfer that appeared legitimate.

“I vividly remember it,” said Tom Cronkright, well known Rockford businessman who has, since that incident, come up with a solution to assure he, and millions of people, are protected from such a fraud.

Rockford residents may be familiar with Cronkright. He lives here in Rockford in his family’s home on the Rogue River. He is also a property owner of many historic downtown Rockford structures. He is an attorney and co-owner of Sun Title along with his partner, Lawrence Duthler, which they founded in 2005.

Lawrence Duthler

Sun Title is one of Michigan’s largest title agencies and has won numerous awards including the Inc. 5000 and 101 Best and Brightest Companies to Work For.  Cronkright said his company, like tens of thousands across the nation and the world, commonly transfer large sums of money as part of real estate closings.

In April of 2015, Sun Title was assisting with the closing of a commercial property transaction in Grand Rapids.  Everything seemed normal as Sun received a cashier’s check for $185,000 from the buyer as a security deposit for the transaction – a sum that was immediately deposited into Sun’s escrow account.  A few days later, the buyer instructed Sun to keep the $5,000 and wire $180,000 to the seller as under the terms of the purchase agreement.  The two days after Sun wired the funds to the seller, the cashier’s check bounced, and the $180,000 was gone.

“It wasn’t something that was not even on our radar,” said Tom. Recently featured on a podcast, “You Heard Me” he described the whole event and following actions. He said cyber fraud is the fastest growing crime globally and is responsible for the loss of billions of dollars each year.

“Cybercriminals are using sophisticated tools and experienced computer engineers to defraud people, and the best thing we have to confirm someone’s identity that we have not met in person is a phone,” he described. His transaction involved nationals from Nigeria who were operating in Canada, a German resident who flew to New York to withdraw cash and forward funds to her co-conspirators before returning the same day to Germany, and a series of money mules located in the United States who eventually faced trials and prison sentences.  “We later learned that we fell victim to one of the most sophisticated fraud syndicates in the world,” said Cronkright.  “People in Nigeria, South Korea, and Senegal were assisting with the coordination of the fraud in real-time.”

Cronkright said he was successful in retrieving $140,000 of the stolen $180,000 after two years of Herculean effort.  “We aggressively pursued the individuals that took the funds from us, and we were blessed to have recovered a majority of what was lost,” said Cronkright.  He said, luckily, coincidentally, his partner had worried about errors in transferring funds and had come up with a plan the February before the incident.  He was convinced that it would be a good idea to have legal pleadings drafted and ready to file in court in the event money was sent on accident to a wrong account.

This idea paid off in a big way as it allowed the two to serve a lawsuit on various banks around the country that had received their stolen funds within for hours of learning of the fraud.  The fraudsters had used their “money mule” network to transfer funds to multiple accounts to avoid recovery.  Since the incident, Tom and Lawrence have worked with federal authorities to put some of those involved in prison.  Interestingly, Lawrence was able to contact the actual person whose name was used as the buyer in their fraud incident – it turned out to be a professional on the West Coast whose identity was stolen.  The gentlemen disclosed that six other frauds had taken place simultaneously across the country using his information and the same scheme.

“It was a wake-up call and something we describe as ‘tuition,’ and we don’t mind paying it,” said Lawrence of the whole experience.  In the months following the fraud incident, Lawrence and Tom made several changes to their internal processes to protect their company.

The fall of 2016, just over a year after their fraud event, Tom and Lawrence saw several fraud attempts in the industry that were “next-level” in their timing and sophistication. In a typical case of wire fraud, the perpetrator’s access (whether by hacking or taking advantage of poor security) sensitive identity data to insert themselves in the communication chain in the guise of qualified parties to the transaction.  In almost every case, the lender or another party unknowingly end up wiring the closing funds directly to the imposter or his/her agent. Every time, the lender or wiring party believes she is following the request or instruction of the authorized real estate agent, mortgage originator, closing agent or banker when, in reality, the e-mail or even phone call has come directly from the perpetrator.  “By October of 2016, the cybercriminals had demonstrated their intimate knowledge of real estate transactions and were deploying real-time strategies targeting buyers and sellers directly,” said Lawrence.  “Something had to be done.”

On a sunny weekend overlooking the Rogue River, Tom outlined a solution to prevent wire fraud in the country – something he and his partner had been debating the prior week.  “The idea included the assembly of the best technology and data insights to answer two critical questions: (i) How do I know I am communicating with the right person on the other end of the electronic communication? and (ii) How can I share or confirm critical information securely?”

In late fall of 2016, Tom and Lawrence enlisted the assistance of a friend and software product expert, Tyler Adams.  Together they began building a real-time identity verification and bank account confirmation platform designed to instill trust in a transaction and allow people to safely wire funds.

In less than a year CertifID (www.certifid.com), was launched into the title, lending, and real estate industries.  The platform empowers any two parties to safely and securely exchange wiring instructions by ensuring the authenticity of transaction-related communications by overlapping four proven processes:

Digital Verification: It ensures each user is connecting through trusted devices that they own or use on a regular basis by harnessing billions of digital records and metadata associated at the device level.

Knowledge Based Authentication (KBA):  The team created a series of customized “out of wallet” questions that only the authorized individual could know or answer—even if their personal information has been compromised.

Two-Factor Authentication (2FA): CertifID requires a unique one-time code that users must provide from a device that has been validated via text, call or Google Authenticator.

Bank Account Certification:  It confirms and displays the institution routing information and allow the account holder to confirm his/her bank credentials before funds are transferred.

With CertifID, Cronkright said changes in a person’s metadata and biodata could be detected from their previous interactions with their device.  Even such specifics as the true device location or travel patterns can be compared to years and years worth of previously stored data. “Every interaction we have on our devices leaves a trail,” Cronkright stated. “The information has been curating for over ten years, even such details as the angle of your phone when you hold it.”

To take it a step further, Cronkright and his partners guarantee the use of CertifID up to $500,000 per wire transfer which is backed by an insurance policy with a large underwriter.  “We wanted a solution that allows our customers to transfer this risk to us,” said Tyler Adams. “Wire fraud surpassed the $1B mark last year in the US alone, and we want to be part of the solution.”

CertifID was recently named a Housing Wire Tech 100 award winner, just a few months after launching into the market.  “We’ve received a great response from companies across the country and are working hard to keep people safe,” said Cronkright.  “We want to make sure other people don’t go through what we went through.  If we can do that, we will have met our goal.”

More information can be found at www.CertifID.com, by phone at 616 855 0585 and by email at support@certifid.com.