Cyberheist Not the Bank’s Problem

Mark Berry June 14, 2011

I’ve recently become aware of a legal case where a company lost a huge amount of money due to a computer virus. Hackers used the virus to steal the company’s online banking password, then proceeded to transfer out over half a million dollars. When the account was empty, the bank advanced over $200K of the company’s line of credit.

The ruling held that the bank was not responsible for detecting the fraud because the bank had the legally-required password policy in place. (See this article for details.)

Whether or not that ruling stands, it does highlight the additional risk of using online banking as a business. I certainly like the convenience of online banking and Bill Pay, both as one who sends and one who receives funds. However if you haven’t already, you may want to clarify/update your online banking policies. Here are some questions that come to mind:

  1. What kind of liability does your bank assume in online banking transactions? According to this article, “businesses do not have the same legal protections against online banking fraud that consumers enjoy.”
  2. Who at your company has access to online banking? What can they do? What computer are they using when they do it? Computers on an MCB Proactive Care plan all have a current anti-virus program installed, but no anti-virus program is foolproof—there is no guarantee that a computer will never be infected.
  3. Do you have a separate account for use with online banking? One suggestion is to limit exposure by only keeping the minimum funds required in a separate account used for Bill Pay. Obviously that account should not have automatic overdraft links to the primary account or to a line of credit.
  4. Have you set up alerts to get an email for any transaction over a certain amount? That’s not perfect protection (hackers with access to the account could turn off alerts), but it’s one more way to try to monitor activity so you can notify the bank immediately of suspicious activity.
  5. When you log on to online banking, do not allow the browser to store your password. Type the password each time.
  6. If all of that still seems too risky, you could always go back to plain old checks! If you do that but retain online banking (for reviewing statements etc.), make sure no one can turn on Bill Pay with just a few mouse clicks.

As with so much in our modern world, additional convenience carries additional risk. In this case, the risk is greater than one might think at first.


Leave a Reply





*