Wire Fraud Victim Sues Bank

Escrow Company Lost $440,000 After Banking Credentials Stolen
Wire Fraud Victim Sues Bank
A Missouri-based escrow company has sued its bank after losing $440,000 in a case of wire fraud.

The suit, filed on Nov. 23, alleges that Choice Escrow of Springfield, Mo., was a crime victim because its bank, BankcorpSouth, didn't provide "commercially reasonable security." Via malware, hackers stole Choice Escrow's BancorpSouth online banking ID and password and on March 17 fraudulently wired $440,000 overseas to a bank in Cyprus.

"BankcorpSouth did not offer us a commercially reasonable security method for access to our online account," says Jim Payne, Choice Escrow's manager of business development.

BankcorpSouth, a $14.3 billion bank headquartered in Tupelo, Miss., says it doesn't comment on pending litigation, and would not comment on this lawsuit, according to BankcorpSouth's corporate communications head Randy Burchfield.

Another Zeus Victim

According to Payne, it appears Choice Escrow fell victim to a variant of the Zeus malware, which obtained access to one of the company's computer work stations. "This malware then logged our keystrokes and sent our banking log in and password information to the cybercriminals," Payne says. "This seems to have been possible by the lack of a secure online banking environment provided by our former bank."

Choice Escrow notified BancorpSouth of a problem on the day of the transfer. "BancorpSouth indicated it would not retrieve the money and would not refund us the amount taken," Payne says. After the theft, Payne and other senior staff had to scramble to come up with more than $300,000 to cover the losses. The company was forced to lay off two employees, he says, and eventually was able to secure a small business loan to cover the account's losses.

The suit alleges that the bank approved the international wire transfer for $440,000 to Cyprus, despite it creating an overdraft of $90,000 in the account, and despite that Choice Escrow had never sent any international wire transfers before this one.

Payne describes Choice Escrow as a busy company with anywhere from $18 million to $25 million each month in deposits. Because the company is small, with only a handful of staff, it didn't choose to use the bank's dual control settings for ACH and wire transactions, Payne says.

Initially, Choice Escrow decided to remain quiet about the loss. "Our thinking was it would affect the trust our customers have for us," Payne says. As time passed and it became clear that BankcorpSouth was not willing to cover the company's losses, company leaders made the decision to file suit.

Similar Cases

Choice Escrow's wire fraud incident is hardly the first. Rather, it's one of hundreds of recent corporate account takeovers made in the U.S. by foreign hackers aimed at looting bank accounts via ACH and wire fraud. The typical scenario: An individual at the business receives an email that is loaded with an executable file containing malware. The unsuspecting employee opens the email, infecting the computer with malware -- most often of the Zeus Trojan variety that is designed to steal online banking credentials.

Because Regulation E doesn't cover commercial fraud losses -- only consumer losses -- businesses and municipal districts are left to make up for these thefts.

Law enforcement agencies are actively investigating these cases, and members of one criminal gang were arrested recently both here in the U.S. and in Europe.

Another escrow company, Village View Escrow of Redondo Beach, Calif., was hit in an attack in March similar to the type that hit Choice Escrow, and hackers made off with $465,000. The two escrow companies are among many cases being reported, the largest heist being one that hit a New York state school district last December for $3 million.

Some other several high-profile corporate account takeovers include:

Turning to Congress

Seeking legislative help, Payne reached out to an influential member of Congress to plead for more investigation of these crimes. In a letter to Alabama Congressman Spencer Bachus, Payne describes what he sees Choice Escrow and other victims of account takeover facing when trying to get a judge to rule in their favor in such cases.

"The Uniform Commercial Code is so arcane and written at a time before cybercrime became an issue deals with 'commercially reasonable security' - which has never been defined so that we have a clear understanding of what is commercially reasonable.

"I should obviously have a greater need for online banking security than say a tire dealer who does not wire money or transfer great sums of other people's money," he tells Bachus, who will be the next chairman of the House Financial Services Committee in the 112th Congress.

For businesses facing the same threats, it is not viable or economical for the business owner to also become an IT banking security expert, Payne says. "The banks have to step up and take the lead; they have the resources and the ability to make commercial accounts safe. For the amount we lost, BancorpSouth could have implemented the Fort Knox of online banking security."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.