Online Banking Fraud – Part II

Online banking is an electronic payment system that enables customers of a financial institution to conduct financial transactions on the web. In today’s high-tech world, online banking fraud is committed on a daily basis. As such, sometimes customers may not be liable for certain unauthorized online transactions, subject to the terms and conditions of the bank’s service agreement. Online banking fraud is the act of defrauding a financial institution, or obtaining money or other property under the custody of a financial institution, by false pretenses. A related issue is financial identity theft. So, financial institutions use encryption technology (e.g., Secure Sockets Layer – a/k/a “SSL”) to prevent unauthorized access to data.

In general, the customer must notify the bank within 60 days after receiving a periodic statement pursuant to 15 U.S.C. § 1693f. Under 15 U.S.C. § 1693g(b), the burden of proof of consumer liability is on the bank. So, in order to establish a customer’s liability, the bank must prove the transfer was authorized. In case of a violation, the bank may be subject to civil liability under 15 U.S.C. § 1693m.

What Are the Common Methods Used to Defraud Customers?

First, the fraudster may engage in social engineering, which is a method that persuades online users to give up personal information by posing as a trustworthy individual or organization. It can occur through emails and text messages. Second, the fraudster may use malware, which is malicious software installed on a computer without a user’s consent. It records keystrokes, redirects browsers, or displays fake websites to impersonate the user in online banking transactions. Third, the fraudster may engage in phishing, which uses emails and websites that falsely purport to be associated with legitimate banks, financial institutions, or companies. It manipulates online users into disclosing personal and financial data. Fourth, the fraudster may engage in vishing, which is the telephone equivalent of phishing. In this scenario, the fraudster calls the victim, pretends to be a bank official, and tricks the victim into disclosing personal or financial data.

What Are the Applicable Laws?

Regulation E establishes rights, liabilities, and responsibilities for consumer transactions. A consumer may be liable for up to $50 of an unauthorized electronic funds transfer, unless he/she fails to timely notify the financial institution of a loss or theft. If the unauthorized transfer is reported by the consumer, then the financial institution must resolve the claim within a specified deadline under 12 C.F.R. Part 205. The Electronic Fund Transfer Act (“EFTA”), which is implemented by the Federal Reserve Board through Regulation E, protects individual consumer rights with respect to: (i) transfers through ATMs; (ii) POS terminals; (iii) ACH systems; (iv) telephone bill-payment plans in which periodic or recurring transfers are contemplated; and (v) remote banking programs.

The Uniform Commercial Code (“UCC”) applies to commercial transactions. It provides less protection for commercial customers. In essence, a commercial customer has 1 year to discover and report any unauthorized signatures or alterations. Under the comparative negligence theory, the bank’s liability for negligence is diminished according to the customer’s share of fault.

At our law firm, we assist clients with legal issues related to online banking fraud. You may contact us in order to set up a free consultation.