BPAS, a provider of retirement plans, benefit plans, fund administration and collective investment trusts (CITs), has launched BPAStify—a new fraud prevention tool that is part of the firm’s overall security efforts.
Under BPAStify, a participant requesting certain assistance through the BPAS participant service center or other means may be required to go through additional scrutiny using a live video identity verification process via smartphone, tablet or computer. When complete, the recording will be shared with the client’s human resources (HR) team, which will verify that the caller is truly the employee in question and provide approval to BPAS.
BPAS says the tool not only helps with authentication and employer review, but, in the event of a fraud attempt, the recording itself could be used by law enforcement to identify and prosecute fraudsters. Considering the dollars at stake, BPAS makes this clear on the recorded calls.
“When we decide to invoke BPAStify, we notify the caller that the account has been flagged for additional scrutiny,” says Joe Buczek, manager of the BPAS participant service center. “The caller’s reaction tells you something right away. When you’re dealing with the real participant, there is almost always an immediate willingness to cooperate; they appreciate the added vigilance to protect their account. In cases where there is a refusal to cooperate or some technological reason why the caller can’t participate, it’s a big red flag. We freeze the account and initiate additional security measures to protect the plan assets.”
BPAS notes that in the wake of well-published data breach incidents and the Department of Labor (DOL)’s guidance about retirement plan cybersecurity, service providers have implemented a bevy of new measures to galvanize their programs, including multifactor authentication, added security questions, changes to electronic payment polices and other confidential or proprietary measures.
“We will continue to refine the BPAStify program and build additional technology around it,” says Linda Pritchard, senior vice president of BPAS operations. “There is only one individual who has the right to access an account or attempt to withdraw assets—the actual participant. We have no higher imperative than to protect plan assets for our customers.”