Thank you for sharing!

Your article was successfully shared with the contacts you provided.

FRAMINGHAM, Mass. – Credit unions might want to keep a close eye on a lawsuit filed in February by the small-business victim of a phishing scam against one of the biggest catches of all, Bank of America. Business owner Joe Lopez, whose company sells printer ink and toner, filed suit in a Circuit Court in Miami against BofA after the megabank refused to compensate him for the loss of $90,000 from his account in an unauthorized wire transfer to an account at Parex Bank in Latvia. The fraudsters had gained access to Lopez’s BofA account through a key-logging program surreptitiously installed on the business owner’s computer through a virus known as Codeflood, and the bank says it’s not responsible for the security of its customers’ computers. “If you thought the phishing fad didn’t affect business accounts, think again. To many in the financial and technology community, a case like this was destined to happen,” says Sophie Louvel, an analyst with Financial Insights who co-wrote with colleague Maggie Scarborough a report on the newly filed suit. The AHLO Inc. vs. Bank of America suit “is a wake-up call,” Louvel says. “Tighten up security around transactions initiated through the Internet and wireless channels or prepare for greater loss, adverse publicity and reputation risk.” Louvel and Scarborough point to an irony in the situation. While financial institutions spend hundreds of millions of dollars in security software, and Bank of America itself is considered a leader in online security, many “allow less-savvy small business customers to effect high-value, free-form wire transfers with no more than a password and a PIN and without dual authorization and authentication,” the analysts say. “That’s an open invitation to crime.” Solutions would include multi-factor authentication, such as a token device that generates a one-time password, as part of an end-to-end security control and risk management posture that incorporates “multiple points along the transaction path, in the front and back ends, with the last checkpoint taking place in the back-office system prior to release from the payment system itself,” the think firm analysts wrote in their report. “Several new technology securities would have been capable of stopping attempts by phishers to enter an online account, either through more secure authentication, transaction analysis or online behavior analysis,” Louvel adds. Such sophisticated checks already are widely used in money-laundering and credit-card fraud detection systems but are newer on the demand deposit side, Louvel says, noting that the fact this particular transaction was en route to Lavia, an East European nation known as a hotspot for cybercrime, might raise the bar for the bank in this case. Whether it’s settled or tried, this case will “certainly force” financial institutions and regulators to think hard “about what commercially reasonable security is, Louvel says. And the stakes are high for financial institutions whose customers and members do become victims of phishing and identity theft scams. A recent survey conducted by Financial Insights shows that close to 6% of U.S. consumers over the age of 18 have switched financial institutions specifically to minimize the their risk of becoming a victim of identity theft. “This equates to 12 million people” switching accounts simply because of the perception of risk, Louvel notes. “The challenge, of course, lies in building the business case for increased security,” the Financial Insights analyst says, adding that the survey results help show that “security can be a service differentiator.” [email protected]

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?


Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times
Live Chat

Copyright © 2022 ALM Media Properties, LLC. All Rights Reserved.