You put your money into the bank trusting that your banking institution's computer security safeguards will it from falling into the wrong hands. But when hackers do manage to break in and steal money from your account, should the bank be held responsible? Not according to a Maine judge who ruled in a case involving a business that sued its bank after losing $345,000 via unauthorized Automated Clearing House (ACH) transfers.
Patco Construction Company sued Ocean Bank in 2009 after hackers infiltrated the company's online account and tried to make away with $589,000 in ACH transfers, according to an IT World report. The bank managed to block $243,000, leaving Patco responsible for the remaining $345,000, plus interest charges on more than $100,000 from Patco's credit line to cover the illegal transfers.
So why doesn't the bank have to foot the bill? Plain and simple, the security breach occurred on one of Patco's computers as a result of malware. As far as the bank sees it, Patco was negligent with its online banking credentials, and that's why cyber crooks were able to steal so much money.
From Patco's perspective, the bank should have known that something fishy was going on since the illegal transfers were out of the ordinary based on the company's past transactions. Patco contends that Ocean Bank was at fault for not implementing stronger authentication schemes, like token-based authentication and out-of-band verification.
"Alarms were going off all over the place, but the unfortunate part is that the bank was not watching them," said Mark Patterson, a co-owner of Patco. "It's not their problem. They're not responsible for security."
In a 70-page ruling, Magistrate Judge John Rich sided with Ocean Bank and rejected Patco's claims that it wasn't at fault. The judge did say that Ocean Bank could have done more to authenticate the identity of those involved in the illegal transfers, but ultimately Patco was to blame.