Does account verification prevent wire fraud? The question is one of the most searched in the escrow and title industry, and the honest answer is no. Account verification confirms that an account number and a name matched at a point in time against a stated source. It does not prove the account belongs to the right party. It does not prove the instruction was not intercepted before it arrived. It does not prove who decided to send the wire when something did not match. The FBI's Internet Crime Complaint Center logged over 12,000 real estate fraud complaints and roughly $275 million in reported losses in a single recent year (FBI IC3 2025 annual report), and many of those losses hit offices that did verify.
This article takes a precise position on what account verification can and cannot do, and what the file needs to capture so the office can later prove what it checked, what the check proved, and what it left open. The argument is narrow and practical. The office decides. Veto records the review.
What account verification actually confirms
Account verification, in the escrow context, is the process of checking payment instructions against a source the office treats as reliable before releasing funds. The check can take several forms. A callback to a known number on file. A bank-to-bank account match through a deposit validation service. A payee authentication tool that cross-references the account against a financial institution database. Each method produces a result: match, no match, or partial match.
What each result means is narrower than the marketing language suggests. A match confirms that the account number and the name on the instruction align with what the source holds. It does not confirm that the source itself was not compromised. A no-match tells the office something is wrong and the instruction should not proceed without resolution. A partial match, where the name is close but not exact or the bank is different, is the scenario that creates the most exposure, because the office has to decide what to do with an open item and that decision is what the file needs to capture.
The FBI calls business email compromise, the engine behind most wire fraud, one of the most financially damaging online crimes facing businesses that move funds by instruction (FBI, Business Email Compromise). The agency's central recommendation is pointed: use a secondary channel to verify any request that changes account information. The strength of the secondary channel is what determines whether the verification holds, and the strength of the channel is what the file should record. For how account-level checks fit into the broader review without becoming approval, see Account checks are evidence, not approval.
What an account match does not prove
This is where the distinction between a check and permission matters most. An account match proves the account and name aligned against a source at the moment of the check. Here is what it does not prove.
It does not prove the instruction was authentic. A fraudster who has compromised a party's email can send instructions that carry the correct account number for the correct party, then redirect the funds after the fact through a change request the office has not yet seen. The match is real. The fraud is real. Both are true at the same time.
It does not prove the source was independent. If the office calls back to a number printed on the wire instructions, or replies to the email that sent them, the verification rides the same channel the fraud is riding. In Mago v. Arizona Escrow & Financial Corp., the escrow company noticed the payee name did not match, emailed to ask about it, and accepted the reply from the compromised thread (Mago v. Arizona Escrow & Financial Corp. (Ariz. Ct. App. Div. 1 2023)). A jury put one hundred percent of the fault on the escrow company. The check happened. It happened against the wrong source.
It does not prove the office made a decision. A match is a data point. The decision to release is an office state, created by policy, evidence, source limitations, and the judgment of the person who signs off. If the file shows a passed check but no record of what the office decided when something was open, the file cannot answer the question everyone asks after a loss. For the foundational record that captures that decision, see Why every covered instruction requires a current review record.
Why offices that verified still lost money
The reported cases follow a pattern. The office verified. The verification produced a match or a partial match. The office proceeded. The funds were diverted. The question in every subsequent lawsuit or examination is the same: what did the office do with the open item, and can the file prove it?
The answer that fails is the one where the file is silent. A file that shows a callback was made but does not show what was asked, what was answered, what stayed open, and who decided to proceed is a file the office cannot defend. The verification step happened. The record of what it proved did not. That gap is what the cases turn on. For a full treatment of the reported cases, see Before buyer funds move, build the record.
The answer that holds up is the one where the file carries a current, timestamped record of the review. What source was checked. What the source could and could not prove. What stayed open. Who reviewed it. What the office decided to do about it. That record is what separates a defensible file from an indefensible one, and it is what every framework the office answers to eventually asks for. You can see what a Review Record sample looks like, or review the Review Record standard that defines what the file needs to hold.
What the file should capture on every account verification
A verification check is evidence. The file needs to hold that evidence in a form an examiner, an underwriter, or an E&O carrier can evaluate later. Five elements carry the load.
First, the source. Which source was checked: a callback number on file, a bank-to-bank validation, a payee authentication tool, a lender portal. The source determines the strength of the check, and the file has to name it. Second, the result. Match, no match, partial match. The file records what the source returned. Third, the limitation. What the source could not prove. A callback confirms a voice answered at a number. A bank match confirms the account exists under a name. Neither proves the instruction was authentic. The file has to state the limitation so the check is not overstated. Fourth, the open item. If anything did not match or could not be resolved, the file carries it as an open item rather than closing it silently. Fifth, the decision. Who reviewed the evidence, what the office decided, and when. The decision is the office's. The record is what holds it.
This is the structure a Review Record imposes on every covered instruction. It does not decide for the office. It makes sure the office's review is current, named, and on file before money moves.
How account verification maps to ALTA and DFPI expectations
Every framework that governs escrow funds places the release authority with the office, not with a vendor. The frameworks expect verification, but they also expect documentation of what was verified and against what source.
| Framework | What it expects of the office | How a documented review addresses it | |---|---|---| | ALTA Best Practices Pillar 2 (Escrow Trust Accounting) | Written procedures for disbursement, dual control on wires, documented verification of wire instructions (ALTA Best Practices) | The review record produces the file-level artifact that each covered instruction was checked against a stated source before release. It captures who reviewed, what the source proved, and what the office decided. | | ALTA Wire Fraud resources | Verification procedures, consumer education, staff training, and a documented trail before funds move (ALTA Wire Fraud resources) | The review record is the operational evidence that the office applied its verification procedure on the file. ALTA's Outgoing Wire Preparation Checklist and Rapid Response Plan assume a documented trail exists. | | DFPI independent escrow duty | Strict and faithful performance of the parties' written instructions, with clarification when instructions conflict (DFPI consumer information) | The review record shows the office identified the instruction, checked it against a stated source, and either resolved the conflict or carried a named exception. |
The convergence is the point. ALTA and DFPI are not asking the office to guarantee that fraud will not happen. They are asking the office to show what it reviewed and why it proceeded. A review record on every covered instruction is the artifact that answers both. For the full mapping across all seven pillars, see Implementing ALTA Best Practices for settlement fund security.
What happens when account verification is the only control
When account verification is the only control, the office is betting that a match is the same thing as permission. The reported cases show that bet loses. A match that rides the same channel the fraud is riding is not a match that holds. A match that produces a partial result and proceeds with no record of who decided to go forward is a file the office cannot defend.
The control that changes the picture is not a better match. It is a layer that records what the office reviewed, what the source proved, what it did not prove, what stayed open, who signed off, and what the office decided to do about it, before money leaves the account. That record, timestamped at sign-off and retained for the life of the file, is what the office points to when the file is examined. It is what makes the office's review reconstructable rather than dependent on memory and email threads.
The office decides. Veto records the review. That boundary is what makes the record useful. The record does not claim the instruction was correct. It claims the office applied its own procedures, checked the instruction against a stated source, and documented what happened. That honesty is the utility, because it is the artifact that holds up when the file is reconstructed six months later. For how exceptions and open items fit into this picture, see Reducing social engineering risk through recorded exception paths.
Run a live-file control test
The way to see whether this doctrine belongs in the file is to run it on one real disbursement before the next one closes.
Take a covered instruction from a recent or pending file. Build the review record: what was checked, against what source, what the source could and could not prove, what stayed open, who reviewed it, and what the office decided. Then ask whether that record would answer the questions behind every disbursement dispute if the file were reconstructed six months from now.
If the record is already there, the doctrine is already operating. If it is not, the file test is where to start. The office's own evidence, on one real file, is the test that matters. Run a live-file control test and see what the file can prove today.
Frequently asked questions about account verification and wire fraud
### Does account verification prevent wire fraud?
No, and any tool that claims it does should be examined closely. Account verification confirms a match between an instruction and a source at a point in time. It does not prove the instruction was authentic, the source was independent, or the office made a defensible decision when something did not match. The FBI's Internet Crime Complaint Center has documented thousands of real estate wire fraud complaints and hundreds of millions in reported losses, many of which hit offices that did verify (FBI IC3 2025 annual report). The question is not whether the office verified. The question is whether the file can prove what the verification checked, what it proved, and what the office decided about what stayed open.
### What does an account match actually prove?
An account match proves that the account number and the name on the instruction aligned with what the source held at the moment of the check. It does not prove the account belongs to the right party, the instruction was not intercepted, or the source was not compromised. The match is a data point, not permission. Permission to release is an office state, created by policy, evidence, source limitations, and the judgment of the person who signs off.
### Is a callback enough to verify wire instructions?
A callback confirms that a voice answered at a number the office reached. If the number is a known number already on file and independent of the instruction itself, the callback is a meaningful check. If the number is printed on the wire instructions or lives in the email that sent them, the callback rides the same channel the fraud is riding and does not verify anything. The strength of the callback depends on the independence of the source, and the file should record which number was called and why the office treated it as reliable.
### What should the office record before releasing a wire?
The office should record the covered instruction, the source each value was checked against, what the check could and could not prove, what stayed open, who reviewed it, and what the office decided. If the office proceeded with an open item, the exception should be named with the approver, the reason, and the timestamp. The record is timestamped at sign-off and retained for the life of the file. For the standard that defines what the record holds, review the Review Record standard.
### Can the office proceed if an account check comes back with a partial match?
Yes, if the office's own policy allows it and the approver signs off. The office may proceed with an open item. What the file has to capture is who authorized release despite the open item and why. A named exception records the decision. A silent bypass, where the office proceeds with no record at all, is the pattern that creates the most exposure. The doctrine targets the silence, not the judgment.
### Does ALTA Best Practices require account verification?
ALTA Best Practices Pillar 2 and Pillar 3 expect documented procedures for wire verification and information security (ALTA Best Practices). They do not mandate a specific tool or a specific match method. They ask the office to show its controls and document what it relied on. A review record that captures the source, the result, the limitation, the open item, and the decision is the file-level artifact an examiner evaluates. ALTA's wire fraud resources, including its Outgoing Wire Preparation Checklist and Rapid Response Plan, assume that documented trail exists (ALTA Wire Fraud resources).
This article describes what account verification can and cannot prove. It is not legal advice and does not classify any office as compliant or noncompliant with ALTA Best Practices, DFPI requirements, or E&O carrier expectations. Veto does not verify, approve, certify, guarantee, insure, authorize, detect fraud, prevent fraud, or make wires safe to send. Veto records the review, captures the source and limitation of each check, marks records stale on material changes, holds releases on stale records, and logs the audit trail. The office decides. Veto records the review.
