toggle

AAPL Stock: 121.3 ( -1.07 )

Printed from http://www.macnn.com

Bank agrees to repay company's ACH-purloined funds

updated 12:48 pm EST, Sat December 1, 2012

Credentials stolen from company, bank failed to prevent theft

A financial institution in Maine has agreed to reimburse a construction company $345,000 that was stolen by hackers following a ruling that the bank had "commercially unreasonable" security precautions. People's United Bank has agreed to pay Patco Construction Company every cent it lost in 2009, plus $45,000 in interest after miscreants stole the Patco banking credentials and withdrew money from the account.

Patco argued that the bank failed in its obligation to contact the company after the bank's own automated system flagged the thefts as suspicious. Throughout the initial trial, the bank claimed to have done everything it was supposed to, because it verified that the ID and password used for the transactions were authentic. The bank was originally found blameless of the theft, but an appeals court reversed the decision over the summer, and urged the parties to settle, rather than allow the matter to return to trial.

Using the purloined data, thieves removed $588,000 in several batches from the account in automated clearing house (ACH) transfers over a week. Ocean Bank was able to block or retrieve $243,406 of the stolen funds, leaving the construction company with a loss of $345,445. To make up for the difference between the retrieved funds, and the lost funds, Ocean Bank drew $223,237 on Patco's credit to cover the transfers. Patco sued shortly thereafter, arguing that the bank didn't provide multi-factor authentications, as laid out by the Federal Financial Institiution Examination Council (FFIEC).

Charisse Castagnoli, a bank fraud expert and security consultant, said the decision could open the door to lawsuits from small businesses similarly robbed because of inadequate or outdated security procedures. Furthermore, she said that the appeals court didn't address what the victim's obligations for maintaining security in the case that bank security fails, such as a requirement for timely balance checks and responses to bank notifications. "At the same time, you can't be a sloppy or naive customer," added Castagnoli, "as the court is clearly looking for the customer to behave with some understanding of what the bank is doing with their money."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented