Bank Insecurity: Your Money is at Risk Through Cyber Theft

We all, individuals and businesses alike, have this basic assumption that when we put our money in a bank it is safe. But is it? Apparently not so much as the experience of small business TRC indicates when hackers reached into the company’s California-based bank account and drained it of nearly $300 thousand. Worse, the bank and CEO Dennis R. Woods is claiming no responsibility for the security in their own bank!

Jon Fleischman of California’s premier political blog The Flash Report recently updated his readers to the ongoing lawsuit in this tale of cyber theft.

In 2011 cyber hackers out of Eastern Europe broke into the accounts of California’s United Security Bank (USB) and drained almost $600 thousand from the accounts of TRC Operating Company (TRC) out of Kern County, California. It happened over a weekend when the bank was shutting down for Sunday and nobody noticed for days.

Most of these cyber-thieves are from Ukraine or other former Soviet Bloc countries and it’s been going on for nearly 20 years. Specializing in Corporate Account Takeover’s (CATs), these foreign thieves create fake accounts and via the Internet, worm their way into the computer records of banks and their customers and successfully transfer millions with multiple transfers of small amounts to untraceable accounts.

When TRC did notice it lost all that cash, the company officers went to the bank and demanded to know what happened. Bank authorities and CEO Woods eventually told TRC that the money was gone, there wasn’t anything they could do about it, and too bad, so sad for you, TRC! Bank officials saw no reason why they should be held responsible for the slipshod security in their own bank.

With its lack of attention to cyber security, CEO Woods and his USB bank essentially left the bank vault door wide open, walked away from the bank, and let the hackers have their way with customers’ money. Yet they claim no responsibility?

TRC also discovered that the supposed protection of the Federal Deposit Insurance Corporation (FDIC) doesn’t cover small businesses, so they were out of luck there, too.

I also wrote about this case back in November of 2012, but Mr. Fleischman has a great quote from Julie Rogers of the Dincel Law Group out of San Jose, representing TRC in the lawsuit against the bank.

“Cyber theft hits California businesses harder than any other segment of the population. Banks are the experts in online banking–not businesses,” Rogers told me. “It’s bad enough to believe your company’s money is safe in the bank and then find out you’ve been victimized by anonymous hackers. But it is a whole new level of victimization when the bank with whom a company has entrusted its business for years is willing to blame that business for the bank’s failure to provide its customers with even the most minimal levels of online security.”

No truer words were spoken. I mean, imagine. You have a medium to small business and you have several hundred thousands in operating costs in a “secure” bank, yet one day you wake up to find that it was all stolen by cyber thieves and your bank just throws up its hands and says “Oh, well, sorry ’bout that, pal.”

How is it that a bank is completely free of responsibility for the security of the money you deposit?

TRC’s isn’t the only lawsuit currently wending its way through the courts systems, either. CAT victims are starting to demand compensation from banks asleep at the switch. Recently in California, Village View Escrow Company of Redondo Beach was successful in winning a settlement sufficient enough to cover its legal costs for suing its bank plus some extra.

In Michigan a state circuit judge ruled that banks and financial services had to offer more than bland apologies in CAT cases. The standard of “good hearts, empty heads,” the judged said, doesn’t meet the demands of reasonable protection for customer’s accounts.

Also, in Portland, Maine, Patco Construction won a suit against its bank for a CAT theft. The court ruled that even though the bank had instituted cyber security measures to industry standards, those standards are so deficient as to have made the bank’s efforts unsatisfactory.

These cases show that CAT victims are neither remaining silent, nor taking their loss without seeking redress. Banks and the financial services industry need to step up their game on cyber security and lawmakers should act to bring more transparency to the process. The days of just doing a minimal job at prevent cyber-theft must end and better theft prevention measures instituted. Customers already expect that their money is safe in the bank, it’s time to ensure that it is.

Finally, in a new development, advocacy group Californians for Banking Reform, now says it is time for banks to provide the same protections to small business, non-profits and municipalities that are afforded individual consumers. The group has announced that it is now looking into throwing its weight behind banking reforms to affect this change in the laws.

Shortlink:

Posted by on June 27, 2013.
Filed under Big government, Business, corruption, Culture Of Corruption, Democrats, Economics, Law.
Warner Todd Huston is a Chicago-based freelance writer, has been writing opinion editorials and social criticism since early 2001 and is featured on many websites such as Andrew Breitbart's BigGovernment.com and BigJournalism.com, RightWingNews.com, CanadaFreePress.com, RightPundits.com, StoptheACLU.com, Human Events Magazine, among many, many others. Additionally, he has been a frequent guest on talk-radio programs to discuss his opinion editorials and current events. He has also written for several history magazines and appears in the new book "Americans on Politics, Policy and Pop Culture" which can be purchased on amazon.com. He is also the owner and operator of PubliusForum.com. Feel free to contact him with any comments or questions, EMAIL Warner Todd Huston: igcolonel .at. hotmail.com "The only end of writing is to enable the reader better to enjoy life, or better to endure it." --Samuel Johnson

You can leave a response or trackback to this entry
  • Commander_Chico

    You don’t provide enough details about how the account was breached to be able to tell whether the bank or the company is at fault.

    For example, did someone at the company fall for a “419″ Nigerian-style scam and voluntarily authorize the transfers?

    • warnertoddhuston

      Wait, you mean you don’t trust me?

      • Commander_Chico

        Well, the last time you wrote this up you said FDIC did not cover small business deposits up to $250,000, as it does.

        If this was an outright theft from the bank, the bank would pay, as they would be covered by FDIC.

        Bullshitters are always hacks.

  • CaptainNed

    Day job talking here, State-level financial regulator.

    Most CATO (Corporate Account TakeOver) jobs do not come from straight hacking but from social engineering. Also, the target is not talked into authorizing a fraudulent transaction; instead the target is talked/engineered into giving away the logins needed to make the transactions.

    I’ve been a regulator for 17 years. It never ceases to amaze me that all I have to do is say “I’m from the Banking Department” to people I’ve never met before and everything is shown to me without anyone actually asking for the ID I carry at all times (and yes, I do write them up for that). Social engineering is the easy back door and always will be.

  • Pingback: Bank Insecurity: Your Money is at Risk Through Cyber Theft | Wizbang - Let You Know Everything