Why Your Bank Won’t Protect You From Hackers
Here’s just another reason you need to be proactive about protecting your business’ money.
As consumers, we take for granted that fraudulent charges on our credit cards aren’t our responsibility. Many financial institutions offer a $0 liability policy for fraudulent charges. Others expose you to a maximum liability of only $50. The protections afforded consumers were signed into law with the Electronic Funds Transfer Act in 1978.
This protection against scam artists and fraudsters also extends to our online banking activities. If a hacker breaks into a consumer online account and is able to withdraw money, virtually all major banking institutions will reimburse the consumer in full for the fraudulent losses. It is in their interest to offer these protections. The cost of executing the average internet-based transaction for a bank is less than one cent. A similar transaction executed by a teller costs nearly 11,000 percent more.
Business banking is not the same as consumer banking
Assuming that this type of protection extends to your business accounts would be a mistake. Many banks do not have a policy that ensures their business customers will be compensated, or made whole, for losses resulting from fraudulent activity. When it comes to business accounts, there is no legal requirement for them to reimburse you for such losses. As long as the financial institution offers reasonable security procedures, it can avoid having to make you whole. According to a study by TowerGroup, a financial services research firm, small businesses have absorbed an estimated $250 million in losses since 2005 due to their business accounts being hacked.
Most small business owners aren’t aware of this fact. When they find out that they won’t recoup their money after getting hacked, many decide to sue. This is especially the case if the amount in question is in the hundreds of thousands of dollars. Very few of these cases actually make it to trial, however. In practice, most of these small businesses are forced to agree to an out-of-court settlement to avoid the significant expense of suing a bank. And they never recoup their funds.
Hackers adapt quickly to countermeasures
Part of the problem is the ever-growing sophistication of hackers. The Federal Financial Institutions Examination Council (“FFIEC”), an interagency governmental body, sets uniform principles, standards and report formats for financial institutions in the United States. Among its standards are those for authenticating online user identity. Unfortunately, these standards are out of date almost as soon as they are published because hackers are so quick to adapt.
In order to further combat fraud and to increase the likelihood that banks will face responsibility for hacking-related losses, the FFIEC announced new security requirements, to go into effect on January 1, 2012. This is the first update produced by the FFIEC since 2005. This update specifically addresses the concerns of small business banking clients. It requires the implementation of an additional security layer, known as “anomaly detection,” which determines whether an apparently authenticated user is acting in an unusual way, so that a hacked account can be detected quickly.
You need to be proactive to protect your business’ money
Despite these new standards, small businesses must continue to be wary. Even though the FFIEC requires that a plan to implement the new changes be in place by January 1, 2012, actual implementation of the plan isn’t required.