Well over a year ago on this page I penned a pretty extensive column after I got more than a little incensed that a some cyber-thieves from the Ukraine were able to send information to Fresno-based United Security Bank [italics added for emphasis] which caused the bank to literally wire close to $3.5 million of funds TRC Operating Company without the knowledge of TRC, to a bank account in the Ukraine. Apparently three separate wires (with many more pending) were complete before someone with a heartbeat at United Security Bank thought to intervene.
After some sort of claw-back, the bank was able to grab all but about $300,000 back (I guess the wires weren’t completely done), and thus they were out about $300k because their bank fell for the equivalent of that email you get from the guy from South Africa with a “deal”…
And the official position of United Security Bank? More or less, “Pound sand!”
As I asked in my original column:
“…Put yourself at the helm of a business. Small, medium or large, it doesn’t matter — profit or nonprofit. The same principles apply. You would no more keep your company’s assets, in cash, in the office, than you would keep your own money at your house. How would you feel if one day somebody in an obscure foreign country hacked into your bank, and took your company’s money? How would you feel if your friendly neighborhood bank told you that it wasn’t their fault, and that you were just screwed? Probably not so good. What if I told you that the federal insurance that protects your personal bank account doesn’t protect business accounts?”
I was pleased as punch to see that in this case TRC decided to file a lawsuit. So many others would (and do) just walk away. TRC filed its lawsuit in May of 2012. In it they accused the bank of neglecting to office a commercially reasonable option to protect it against cybertheft and failing to process its wire transfers in good faith.
Well, practically on the eve of the judge in Kern County Superior Court rendering a summary ruling, United Security Bank offered to settle the case at $350k – an amount that would cover the amount lost plus interest. TRC agreed to settle, but of course lost their shirt in legal fees over the matter.
But it was important that TRC drew a line in the sand, because this sort of lameness by a supposedly reputable banking institution should not be tolerated.
After TRC filed the lawsuit, the bank changed their policy by the way. Apparently they put their best and brightest into a room and came up with way to avoid having this happen in the future… Now if you want to wire money from your account at United Security Bank they will actually call you (you know, on a telephone) and confirm that it is actually your wish that your funds be wired.
Why they couldn’t have had this policy (or more than a substandard security protocol) in place before is a mystery we may never be able to solve.
Oh yes, in closing, don’t give any credit to the bank for coming to a settlement with TRC. The President and CEO of the bank Dennis Woods told the Bakersfield Californian that TRC was at fault for allowing a hacker to steal Rogers’ identity. Woods told the Californian that they wanted to go to trial, but his insurance company forced a settlement.
The upside in all of this is that no doubt word of this settlement has rippled throughout the banking community, and policies for many banking institutions are being modified to protect themselves (and their depositors) from this sort of cyber-theft.
Is your money safe? Want to contact your bank? You can find out more about doing that at YourMoneyIsNotSafeInTheBank.org.