Pub. 6 2011-2012 Issue 2

www.nebankers.org 10 Extraordinary Service for Extraordinary Members.

SECURITY OFFICER’S BY-WORD

How to Avoid Internet ACH Fraud

Charles M. Towle, Senior Vice President, Kansas Bankers Surety Co.

A crook purchased a spyware program available on the Internet. He then sent official-looking e-mails to a large company claiming the e-mail was from the Better Business Bureau regarding a reported claim against the company.

To read the claim and respond to it, the e-mail asked the company to click on the response button. This took the company to an official-looking Better Business Bureau website. The company then was required to load a program to see the details about the claim against them. Once loaded, the company was told the claim had been withdrawn.

In reality, however, the website downloaded the spyware program to the business’ computer. Later, when the company logged on to its bank’s Internet banking site, the crook was able to obtain the ID and password of the company. About 3:30 p.m. that afternoon, the crook, using the spyware program, actually took control of the business’ computer, logged on to the Internet banking system, and sent an ACH payroll file to the bank’s computer to be processed.

This company’s bank had a policy of verifying all ACH files directly with the company before processing the ACH file. The bank was told that the ACH file was fraudulent. It took several weeks of investigation before the company understood how they had been hacked.

In the meantime, the crook sent additional e-mails to other large business customers of other banks. One of those banks did not have a verification process in place. Upon receiving an ACH file through the Internet banking system, the bank automatically processed a file sending its customer’s funds to various accounts across the country. A total of $278,000 in funds was ACH’d from the account. The customer received an e-mail from the bank confirming the ACH transactions had been processed. The customer notified the bank early the next morning that the transactions were fraudulent.

It is difficult if not impossible to reverse an ACH credit transaction. The bank was able to reverse about 10 percent of the ACH transactions. The bank reviewed its Internet banking contract and found that it did not address the issue of someone hacking into a customer’s computer and using its Internet banking system. The liability of the bank was unclear.

Other banks have Internet banking contracts that hold the customer liable when someone uses the business customer’s computer or information obtained from the business customer to fraudulently enter Internet banking transactions. Every bank should consider whether it wants to take the risk of completely automating large ACH or wire transactions. A bank should consider
