Printed from http://www.electronista.com

Bank agrees to repay company's ACH-purloined funds

updated 12:48 pm EST, Sat December 1, 2012

Credentials stolen from company, bank failed to prevent theft

A financial institution in Maine has agreed to reimburse a construction company $345,000 that was stolen by hackers following a ruling that the bank had "commercially unreasonable" security precautions. People's United Bank has agreed to pay Patco Construction Company every cent it lost in 2009, plus $45,000 in interest after miscreants stole the Patco banking credentials and withdrew money from the account.

Patco argued that the bank failed in its obligation to contact the company after the bank's own automated system flagged the thefts as suspicious. Throughout the initial trial, the bank claimed to have done everything it was supposed to, because it verified that the ID and password used for the transactions were authentic. The bank was originally found blameless of the theft, but an appeals court reversed the decision over the summer, and urged the parties to settle, rather than allow the matter to return to trial.

Using the purloined data, thieves removed $588,000 in several batches from the account in automated clearing house (ACH) transfers over a week. Ocean Bank was able to block or retrieve $243,406 of the stolen funds, leaving the construction company with a loss of $345,445. To make up for the difference between the retrieved funds, and the lost funds, Ocean Bank drew $223,237 on Patco's credit to cover the transfers. Patco sued shortly thereafter, arguing that the bank didn't provide multi-factor authentications, as laid out by the Federal Financial Institiution Examination Council (FFIEC).

Charisse Castagnoli, a bank fraud expert and security consultant, said the decision could open the door to lawsuits from small businesses similarly robbed because of inadequate or outdated security procedures. Furthermore, she said that the appeals court didn't address what the victim's obligations for maintaining security in the case that bank security fails, such as a requirement for timely balance checks and responses to bank notifications. "At the same time, you can't be a sloppy or naive customer," added Castagnoli, "as the court is clearly looking for the customer to behave with some understanding of what the bank is doing with their money."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News