-By Warner Todd Huston
We are all suffering from the mistaken idea that our money is “safe” after we put it in a bank. The fact is your money is at risk every day as it sits in your bank or with your financial services provider. It isn’t necessarily because those institutions will waste it, misspend it, or invest it badly. It’s because of the newest yet the oldest financial problem, bank robbery.
Now, it isn’t that we have to worry about a resurgence of the old fashioned way of robbing banks. Criminals aren’t stealing millions by running into bank lobbies and making frightened cashiers empty out tills into pillow cases. No, the problem is the new, self-styled cyber-criminal using the Internet to steal millions from banks, and often the theft happens days before the bank is even aware it occurred.
Cyber-theft is a growing and dangerous problem. Unfortunately, many banks and other financial services haven’t taken enough measures to stop or even detect these thefts until it is too late. Worse, in many cases banks and financial services are telling account holders — that would be you and me — that the loss is irretrievable and, well, you are just out of luck. The cash is gone and there’s nothing that can be done about it.
Most of these cyber-thieves are from Ukraine or other former Soviet Bloc countries and it’s been going on for nearly 20 years. Specializing in Corporate Account Takeover’s (CATs), these foreign thieves create fake accounts and via the Internet worm their way into the computer records of banks and their customers and successfully transfer millions in relatively small amounts to untraceable accounts.
And the dirty little secret: unlike our individual bank accounts that are covered by FDIC insurance, the accounts of small businesses, non-profits, cities and their police and fire departments (i.e. your tax dollars) are NOT covered by any such insurance guarantees. So once the money is gone, it’s gone forever.
The scariest thing is that banks and financial services seem more interested in spending large sums of money on lawyers charged with preventing account holders from suing to get their lost money back than they are in putting in place preventive measures to stop the theft in the first place.
But things are heating up for these recalcitrant banks though.
For instance, TRC Operating Company, an independent oil producer based in Taft, California, is suing its bank to recover $299,600 that organized cyber thieves stole from the company accounts held at United Security Bank of Fresno.
TRC isn’t the only one. CAT victims are starting to demand compensation from banks asleep at the switch. Recently in California, Village View Escrow Company of Redondo Beach was successful in winning a settlement sufficient enough to cover its legal costs for suing its bank plus some extra.
In Michigan a state circuit judge ruled that banks and financial services had to offer more than bland apologies in CAT cases. The standard of “good hearts, empty heads,” the judged said, doesn’t meet the demands of reasonable protection for customer’s accounts.
Also, in Portland, Maine, Patco Construction won a suit against its bank for a CAT theft. The court ruled that even though the bank had instituted cyber security measures to industry standards, those standards are so deficient as to have made the bank’s efforts unsatisfactory.
These major cases show that CAT victims are neither remaining silent, nor taking their loss without seeking redress. Banks and the financial services industry need to step up their game on cyber security and lawmakers should act to bring more transparency to the process. The days of just doing a minimal job at prevent cyber-theft must end and better theft prevention measures instituted. Customers already expect that their money is safe in the bank, it’s time to ensure that it is.