FRAMINGHAM, Mass. – Credit unions might want to keep a close eye on a lawsuit filed in February by the small-business victim of a phishing scam against one of the biggest catches of all, Bank of America. Business owner Joe Lopez, whose company sells printer ink and toner, filed suit in a Circuit Court in Miami against BofA after the megabank refused to compensate him for the loss of $90,000 from his account in an unauthorized wire transfer to an account at Parex Bank in Latvia. The fraudsters had gained access to Lopez's BofA account through a key-logging program surreptitiously installed on the business owner's computer through a virus known as Codeflood, and the bank says it's not responsible for the security of its customers' computers. “If you thought the phishing fad didn't affect business accounts, think again. To many in the financial and technology community, a case like this was destined to happen,” says Sophie Louvel, an analyst with Financial Insights who co-wrote with colleague Maggie Scarborough a report on the newly filed suit. The AHLO Inc. vs. Bank of America suit “is a wake-up call,” Louvel says. “Tighten up security around transactions initiated through the Internet and wireless channels or prepare for greater loss, adverse publicity and reputation risk.” Louvel and Scarborough point to an irony in the situation. While financial institutions spend hundreds of millions of dollars in security software, and Bank of America itself is considered a leader in online security, many “allow less-savvy small business customers to effect high-value, free-form wire transfers with no more than a password and a PIN and without dual authorization and authentication,” the analysts say. “That's an open invitation to crime.” Solutions would include multi-factor authentication, such as a token device that generates a one-time password, as part of an end-to-end security control and risk management posture that incorporates “multiple points along the transaction path, in the front and back ends, with the last checkpoint taking place in the back-office system prior to release from the payment system itself,” the think firm analysts wrote in their report. “Several new technology securities would have been capable of stopping attempts by phishers to enter an online account, either through more secure authentication, transaction analysis or online behavior analysis,” Louvel adds. Such sophisticated checks already are widely used in money-laundering and credit-card fraud detection systems but are newer on the demand deposit side, Louvel says, noting that the fact this particular transaction was en route to Lavia, an East European nation known as a hotspot for cybercrime, might raise the bar for the bank in this case. Whether it's settled or tried, this case will “certainly force” financial institutions and regulators to think hard “about what commercially reasonable security is, Louvel says. And the stakes are high for financial institutions whose customers and members do become victims of phishing and identity theft scams. A recent survey conducted by Financial Insights shows that close to 6% of U.S. consumers over the age of 18 have switched financial institutions specifically to minimize the their risk of becoming a victim of identity theft. “This equates to 12 million people” switching accounts simply because of the perception of risk, Louvel notes. “The challenge, of course, lies in building the business case for increased security,” the Financial Insights analyst says, adding that the survey results help show that “security can be a service differentiator.” [email protected]

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.