It's every technophobe's nightmare, but this time it's true. Some $50,000
was stolen from Fan Bao's online bank account by Croatian computer
hackers and the bank told him that the loss is not their problem.
Could it happen to you? Here's the back story to help fill in who is at risk.
Seven years ago, Fan Bao opened a checking account at Bank of America
to facilitate his small import-export business called ZICO USA. When he
needed to wire money, he or his wife, Cathy Huang, would walk a few
blocks to Bank of America's Highland Park, Calif., branch and execute
the transfer in person.
But two summers ago, a BofA branch official urged Bao to do his banking
online, assuring him that it was every bit as safe as banking in
person. Only wires sent from Zico's computer, accompanied by a
downloaded security certificate, would be honored, he was told. Bao
followed the bank's security instructions to the letter, and accepted
the bank's assurances that his money was safe.
But last summer, two fraudulent drafts were sent through Bao's
account--one for $50,000 and another for $99,100. Both drafts were
going to a bank in Croatia that Bao had never done business with. In
fact, Bao had never before sent a wire transfer to anyone outside of
Hong Kong or China.
The bank recognized that the transfers were improbable, but didn't stop
them. A bank official called Bao to report "unusual activity" on his
account, but refused to tell him what it was because Huang was the
company's only "authorized agent" and she was on a business trip in
Hong Kong, according to court filings. When Huang was able to reach
BofA later that day, the couple discovered that nearly $150,000 in
unauthorized wires had been charged to their business.
Huang immediately denounced the charges as unauthorized and fraudulent.
The bank was subsequently able to stop payment on the second draft for
$99,100, but the other $50,000 already had been paid to the Croatian
bank and the money had been withdrawn. When Bao asked for the money
back, Bank of America told him the missing $50,000 wasn't their problem.
Why? Bao had agreed to the bank's "terms and conditions" when opening
the business checking account, which said that the bank did not have to
make any special effort to "detect errors" in wire transfer requests.
Wire transfer rules only require the bank to follow standard security
protocol, which includes encrypting accounts. In a five-page response
that Nada Alnajafi, Bao's attorney, calls a "form letter," the bank
cites wire transfer rules that say that for Bao to recover the fraud
loss from the bank, he has to prove that it was the bank--not Bao--that had the security breach.
Bao has seen no other indication of hacking on his own computers,
Alnajafi said. Aside from these two wires, neither this nor any of his
other financial accounts has been hit. Nonetheless, the bank says in
its letter that it suspects that given the amount of "malware" in the
online community, Zico's computer was infected with some type of
"keylogging virus" that captured his user credentials. Thus, he's
stuck. If Bao contends otherwise, it's incumbent on the small business
owner to file suit against one of the nation's biggest banks to prove
it.
He's done just that. Bao says in the suit, filed in Los Angeles
Superior Court, that the fraud occurred only weeks before the bank was
set to initiate tightened security procedures that included a "SafePass
token." The bank informed him they were adding this level of security
in late May and Bao immediately signed up. But the bank didn't
"activate" Bao's SafePass until July 13th. The fraud occurred on June
22.
Bao's suit indicates that he suspects that bank employees are in on the
scam. He is alleging negligence and breach of good faith and fair
dealing, among other things. He asks for his money back.
Bank spokeswoman Shirley Norton said the bank has not been served with
the suit, so it cannot comment on the allegations. Citing client
confidentiality, the bank also would not comment on any specific client
matter. But Norton said that the bank takes safeguarding client
information very seriously.
"BA Direct includes an advanced security mechanism with layered
security controls for authenticating wire transfers," she said in an
email. "Those
controls include personal digital certificates, encryption, customized
authorization and entitlement, separation of duties, automatic log-offs
and password expiration."
"Our security procedure is consistent with those used by other major banks to authenticate wire transfers."
The only thing Norton said that could give some comfort on the "could
it happen to you" front is that business accounts present more risk
than personal accounts.
Business accounts are regulated by the commercial code. The commercial
code puts the onus on the customer, not the bank, in some disputes.
Personal online banking accounts (and debit card transactions) are
covered by Regulation E--a.k.a. the Electronic Funds Transfer Act. You can read the whole thing here.
My summary would be this: With a personal account, you're only liable
for $50 in unauthorized charges, unless you fail to report the charges
promptly. Your losses can be as high as $500 if you fail to report the
fraud within two days of learning about it, and can be unlimited if you
don't report the fraud within 60 days of getting a statement (unless
you've been out of the country or in the hospital).
Before the suit was filed, Bank of America attorneys wrote a letter to Bao (provided to CBS MoneyWatch) that said: "Neither
the Bank nor any other major wire transfer bank is or can be in the
position of manually vetting each incoming payment order to make an
independent assessment whether it appears to be 'normal' for a
particular customer. Such a process would be commercially infeasible
and would delay or halt billions of dollars of wire transfers each day
and would constitute an unacceptable substitution of the bank's
judgment for that of its customers."
Alnajafi skeptically replied that banks, of course, do just this with millions of credit card transactions each day.
"If you try to use your credit card out of state to buy a cup of
coffee, they'll freeze your account," she said. But wiring $150,000 to
Croatia, when you've never sent a dime there before? That's not going
to set off any alarms.
Online Robbery: Hackers Steal $50,000. Bank Says 'Tough Luck'
Written By ization shop on Tuesday, July 24, 2012