Account Takeover: Sharing ResponsibilityBank President Opens up on the Toll of Fraud
When it comes to Automated Clearing House breaches and wire fraud, I hope 2011 proves to be the year of fewer lawsuits and more collaboration.
I spoke on this topic recently with a community banker in the southeast. In 2009, this $100 million community bank found itself at legal odds with one of its commercial customers, after that customer's online account was breached and then hit with fraudulent transactions totaling $50,000. It's rare for a banking executive to speak out on fraud and corporate account takeover, but this leader was open about the impact of these crimes on his bank, and he was outspoken about the bank's and the customer's responsibilities.
I absolutely believe that it's fair to ask commercial customers to ensure security of their transactions outside the banks' portal.
"I absolutely believe that it's fair to ask commercial customers to ensure security of their transactions outside the bank's portal," this banker tells me. "I feel like the bank ought to take responsibility if there's any intrusion into the bank's system that impacts our customers. But I feel like the customer is responsible for everything outside the system of the bank."
The bank's president, who asked to remain anonymous, says the institution decided to settle this case to save the legal expense of a lengthy trial.
"Your account agreements might say that the customer is liable when a breach occurs, as our contract did, but it does not mean they can't sue you," the banker says.
Commercial customers have been quite vocal about their losses and the expectations they have when it comes to the level of online security banks should provide for ACH and wire transactions, as well as transaction authentication. But we rarely hear the bank's side of the corporate account takeover story.
How much security is reasonable? As this banker points out, "A lot, when it comes to the phishing e-mails, is outside the financial institution's control. It's rare that it's a breach of the bank's online system.
"I'm not sure there is a way to protect a customer," he adds, "if their actions put their network at risk."
The question of "reasonable security" is one the industry will likely continue asking, and could eventually be answered by the courts. In the meantime, how can banks and commercial clients figure out the balance, ensuring that all transactions are secure? Ultimately, that's what everyone wants, right?
If you've not heard this exclusive interview yet, take some time to listen. This banker addresses topics important to all of us in this age of electronic fraud.
Meanwhile, what do you think? Where does the responsibility of the bank end and the commercial customer begin? Will 2011 see more collaboration or more lawsuits? Please share your thoughts here.