The Fraud Blog with Tracy Kitten

Account Takeover: Sharing Responsibility

Bank President Opens up on the Toll of Fraud
When it comes to Automated Clearing House breaches and wire fraud, I hope 2011 proves to be the year of fewer lawsuits and more collaboration.

I spoke on this topic recently with a community banker in the southeast. In 2009, this $100 million community bank found itself at legal odds with one of its commercial customers, after that customer's online account was breached and then hit with fraudulent transactions totaling $50,000. It's rare for a banking executive to speak out on fraud and corporate account takeover, but this leader was open about the impact of these crimes on his bank, and he was outspoken about the bank's and the customer's responsibilities.

"I absolutely believe that it's fair to ask commercial customers to ensure security of their transactions outside the bank's portal," this banker tells me. "I feel like the bank ought to take responsibility if there's any intrusion into the bank's system that impacts our customers. But I feel like the customer is responsible for everything outside the system of the bank."

The bank's president, who asked to remain anonymous, says the institution decided to settle this case to save the legal expense of a lengthy trial.

"Your account agreements might say that the customer is liable when a breach occurs, as our contract did, but it does not mean they can't sue you," the banker says.

Commercial customers have been quite vocal about their losses and the expectations they have when it comes to the level of online security banks should provide for ACH and wire transactions, as well as transaction authentication. But we rarely hear the bank's side of the corporate account takeover story.

How much security is reasonable? As this banker points out, "A lot, when it comes to the phishing e-mails, is outside the financial institution's control. It's rare that it's a breach of the bank's online system.

"I'm not sure there is a way to protect a customer," he adds, "if their actions put their network at risk."

The question of "reasonable security" is one the industry will likely continue asking, and could eventually be answered by the courts. In the meantime, how can banks and commercial clients figure out the balance, ensuring that all transactions are secure? Ultimately, that's what everyone wants, right?

If you've not heard this exclusive interview yet, take some time to listen. This banker addresses topics important to all of us in this age of electronic fraud.

Meanwhile, what do you think? Where does the responsibility of the bank end and the commercial customer begin? Will 2011 see more collaboration or more lawsuits? Please share your thoughts here.

About the Author

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.
