Do you keep all of your money in cash? In your mattress, or perhaps in the secret compartment in your bedroom floor, revealed only when you pull back the carpeting from the wall? Of course not, undoubtedly you, like everyone else, keep yourr money in a bank (or similar financial institution). Why do you do this? No doubt for two key reasons — convenience and security. You want to be able to write checks, use a debit card, and all of things, right? And of course nothing symbolizes “secure” in our minds more than a bank vault — your money is safe, right? Heck, if anything happens with your money, the Federal Deposit Insurance Corporation (FDIC) has you covered!
Now put yourself at the helm of a business. Small, medium or large, it doesn’t matter — profit or nonprofit. The same principles apply. You would no more keep your companies assets, in cash, in the office, than you would keep your own money at your house. How would you feel if one day somebody in an obscure foreign country hacked into your bank, and took your company’s money? How would you feel if your friendly neighborhood bank told you that it wasn’t their fault, and that you were just screwed? Probably not so good. What if I told you that the federal insurance that protects your personal bank account doesn’t protect business accounts?
Late last year I read an article by ace reporter Katy Grimes over at the Calwatchdog.org website on U.S. businesses getting attacked by cyber-terrorists, and in that story Grimes’ highlighted the plight on one California, the TRC Operating Company (TRC) out of Kern County, that operates about 250 oil wells. At the time I thought to myself that I wanted to look into it more, and finally got around to it.
So here is the sad tale of the TRC Operating Company. They put their assets into a local community bank called the United Security Bank (USB), headquartered locally in Fresno. A trip to the community bank’s website find a mission statement that begins… To be recognized as a provider of the highest quality financial services to small and medium sized businesses, as well as professionals, organizations and individuals within our communities.
It turns out that “highest quality financial services” is a very subjective description. Perhaps the bank meant responsive tellers at banking windows. Because apparently what they did not mean was keeping the deposits of customers, in this case TRC, safe and protected from being ripped off.
In late 2011 some “Cyber Hackers” operating out of Eastern Europe managed to get into USB’s banking system and literally wired out nearly $600k of TRC’s money in three separate transfers to some account the Ukraine, with nine more transfers in in the works. It was at that point when someone at USB thought to contact TRC with a “what’s up?” call. When USB figured out these were cyber hackers, they were able to reverse some of the wire transfers — but in the end the bad guys got away with just shy of $300k of TRC’s money.
When I heard this – I had the same thought that you are probably having now — how could that happen? Weren’t there safeguards in place to make sure this kind of thing couldn’t occur?
I spoke with attorney Julie Rogers of the Dincel Law Group out of San Jose, who actually represents TRC in this matter, who told me that the unauthorized wire transfers were suspicious and anomalous to the normal banking patterns at United Security Bank. She told me that despite the fact that USB didn’t utilize any commercially reasonable security procedures of any kind, that USB was assuming no responsibility for the lost funds. From the bank’s perspective, the customer was being tossed to the curb. TRC is currently in the midst of a lawsuit to get their money back from USB.
“Cyber theft hits California businesses harder than any other segment of the population. Banks are the experts in online banking—not businesses,” Rogers told me. “It’s bad enough to believe your company’s money is safe in the bank and then find out you’ve been victimized by anonymous hackers. But it is a whole new level of victimization when the bank with whom a company has entrusted its business for years is willing to blame that business for the bank’s failure to provide its customers with even the most minimal levels of online security.”
I couldn’t agree with her more. Getting back to the point I made at the very top of this column, the whole point of putting your money into a BANK is that it is SAFE. In my humble opinion, it is totally outrageous that United Security Bank didn’t make TRC whole. Even worse, TRC is now racking up attorney fees engaged in litigation with the bank.
Oh, and another eye-opener — that federal deposit insurance that protects your personal money at a bank — yeah, that doesn’t do anything for small business accounts. Nada, zero, zilch.
In her piece, Grimes reported that the federal government had gotten involved legally, filing an official written agreement with United Security Bank, to strengthen bank oversight. It also turns out that USB has even made a list of troubled banks, where their credit issue have them ranked as “vulnerable.”
I hope that TRC wins their lawsuit (they should know soon), and then they get made whole. Although the law here is troublesome in that unless fraud can be proven on USB’s part, TRC may be limited to only getting their stolen money reimbursed — but not their legal fees. And think about this. What if the mysterious Ukrainians issuing fake wire transfer orders had gotten all of TRC’s money out of the bank? Then they would have had no money with which to sue the bank.
So I guess at this point, as I think it is important to hold someone accountable for being a bad actor here, I would introduce you all to Dennis R. Woods. A “community leader” in the Fresno area — who is the longtime CEO and Chairman of the Board of USB. According to public filings, Woods pulls down a cool $557,000 annually in compensation (that I could readily look up). If you run into Mr. Woods at a Bulldogs game (he’s a big financial backer of CSU Fresno and its athletics department) or at other swanky charity events around town, ask him why he thinks it is okay for his customers to take it in the shorts when his bank can’t protect the assets in their bank accounts? I guess if you are not out and about in Fresno, you could drop Woods an email: firstname.lastname@example.org.
Looking into this issue has certainly made me nervous about the funds that I have in two business accounts at my Credit Union in Orange County. The good news is that when I called them to ask about whether this could ever happen to my money, they put me in touch with someone who explained that wire transfers may not be made without confirmation from an authorized account signer. Seems pretty simple — but it’s a shame for the TRC company that it was too simple for the folks at United Security Bank (who might want to think about dropping the work “Security” from their name).
Oh yes, I placed a call into United Security Bank to ask about this matter. No response… Shocking…