Online Banking Fraud – Part I

In recent years, there has been an increase in cyber-attacks directed towards usernames and passwords for online banking accounts.  Through these attacks, outside parties have been able to misuse banking information for fraudulent wire transfers.  Hackers have starting using foreign accounts because it is more difficult to recover funds when dealing with some foreign banks.  Online banking fraud has led to over $40 million in stolen funds from small and mid-size companies.  Recently, the nature of these attacks have become more complex as regulatory agencies, e.g., FDIC, and enforcing agencies, e.g., FBI, scramble to keep up with changing technologies.

How Have Online Cyber-Attacks Changed In Recent Years?

In recent years, online banking fraud has become dramatically more sophisticated.  Now, hackers have the capacity to infect not only small, local sites, but also high-volume webpages all across web.  These hackers infect popular websites with Trojan viruses, which latch onto users’ computers when they visit the website.  The virus then directs to online banking information, such as account numbers and login information, allowing the hackers to access these accounts and conduct fraudulent transactions.  The virus may even have the capacity to record and hold this information itself.  To carry through the cyber-attack, criminals only need to setup funds transfers without the respective bank noticing.  Banks learned to watch for transfer activity from unknown computers, so now hackers steal victims’ IP addresses to avoid detection.  With this information, the transfer looks like a typical transaction from the user’s computer.  The hackers may obtain the ability to take control of a computer and use it to conduct fraudulent transfers.

How Can a Business Protect Itself Against Online Banking Fraud?

Businesses are generally charged with a duty to take reasonable measures to protect their customers’ financial information.  The topic of how much protection is “reasonable” continues to be the subject of litigation in various courts.  Indeed, a court may hold a business liable for failing to take the appropriate steps to protect a consumer’s information.  Therefore, it is important that companies implement measures to shield customer information from cyber-attacks.  First, businesses can provide added protection against online banking fraud by providing an added level of security for transactions.  For example, a company can require a fax confirmation of an order, a signature on the order that matches a signature on file, or a telephonic verification by an authorized customer.  Additionally, cyber-attacks typically take place over email messages or while a user is on the web.  Therefore, to avoid providing access to attackers, businesses can set aside a computer for their online transactions that does not receive emails or have access to the web.  While this does require an added cost for the computer and its maintenance, it also provides a virtual barrier for financial records.  Without access to the computer, hackers cannot get to the bank account information.  Finally, frequently monitoring online banking activity can help catch illegal activity quickly, which makes cyber-attacks more difficult.  Sometimes, banks are willing to reverse fraudulent transfers if users promptly report the activity.

At our law firm, we provide guidance and legal expertise to help businesses and individuals protect against cyber-attacks.  You may contact us to discuss the steps you can take to protect your online banking information.