-By Warner Todd Huston
We all, individuals and businesses alike, have this basic assumption that when we put our money in a bank it is safe. But is it? Apparently not so much as the experience of small business TRC indicates when hackers reached into the company's California-based bank account and drained it of nearly $300 thousand. Worse, the bank and CEO Dennis R. Woods is claiming no responsibility for the security in their own bank!
Jon Fleischman of California's premier political blog The Flash Report recently updated his readers to the ongoing lawsuit in this tale of cyber theft.
In 2011 cyber hackers out of Eastern Europe broke into the accounts of California's United Security Bank (USB) and drained almost $600 thousand from the accounts of TRC Operating Company (TRC) out of Kern County, California. It happened over a weekend when the bank was shutting down for Sunday and nobody noticed for days.
Most of these cyber-thieves are from Ukraine or other former Soviet Bloc countries and it's been going on for nearly 20 years. Specializing in Corporate Account Takeover's (CATs), these foreign thieves create fake accounts and via the Internet, worm their way into the computer records of banks and their customers and successfully transfer millions with multiple transfers of small amounts to untraceable accounts.
When TRC did notice it lost all that cash, the company officers went to the bank and demanded to know what happened. Bank authorities and CEO Woods eventually told TRC that the money was gone, there wasn't anything they could do about it, and too bad, so sad for you, TRC! Bank officials saw no reason why they should be held responsible for the slipshod security in their own bank.
With its lack of attention to cyber security, CEO Woods and his USB bank essentially left the bank vault door wide open, walked away from the bank, and let the hackers have their way with customers’ money. Yet they claim no responsibility?
TRC also discovered that the supposed protection of the Federal Deposit Insurance Corporation (FDIC) doesn't cover small businesses, so they were out of luck there, too.
I also wrote about this case back in November of 2012, but Mr. Fleischman has a great quote from Julie Rogers of the Dincel Law Group out of San Jose, representing TRC in the lawsuit against the bank.
“Cyber theft hits California businesses harder than any other segment of the population. Banks are the experts in online banking--not businesses,” Rogers told me. “It’s bad enough to believe your company’s money is safe in the bank and then find out you’ve been victimized by anonymous hackers. But it is a whole new level of victimization when the bank with whom a company has entrusted its business for years is willing to blame that business for the bank’s failure to provide its customers with even the most minimal levels of online security.”
No truer words were spoken. I mean, imagine. You have a medium to small business and you have several hundred thousands in operating costs in a "secure" bank, yet one day you wake up to find that it was all stolen by cyber thieves and your bank just throws up its hands and says "Oh, well, sorry 'bout that, pal."
How is it that a bank is completely free of responsibility for the security of the money you deposit?
TRC's isn't the only lawsuit currently wending its way through the courts systems, either. CAT victims are starting to demand compensation from banks asleep at the switch. Recently in California, Village View Escrow Company of Redondo Beach was successful in winning a settlement sufficient enough to cover its legal costs for suing its bank plus some extra.
In Michigan a state circuit judge ruled that banks and financial services had to offer more than bland apologies in CAT cases. The standard of “good hearts, empty heads,” the judged said, doesn't meet the demands of reasonable protection for customer's accounts.
Also, in Portland, Maine, Patco Construction won a suit against its bank for a CAT theft. The court ruled that even though the bank had instituted cyber security measures to industry standards, those standards are so deficient as to have made the bank's efforts unsatisfactory.
These cases show that CAT victims are neither remaining silent, nor taking their loss without seeking redress. Banks and the financial services industry need to step up their game on cyber security and lawmakers should act to bring more transparency to the process. The days of just doing a minimal job at prevent cyber-theft must end and better theft prevention measures instituted. Customers already expect that their money is safe in the bank, it’s time to ensure that it is.
Finally, in a new development, advocacy group Californians for Banking Reform, now says it is time for banks to provide the same protections to small business, non-profits and municipalities that are afforded individual consumers. The group has announced that it is now looking into throwing its weight behind banking reforms to affect this change in the laws.