In the nefarious world of hacking, there are numerous ways cyber thieves can extract money from their victims: They can sell stolen data in black market auctions, or use it to commit tax fraud, or even to extort the data’s owner, for example.
Another lucrative venue for hacker exploits is the commercial financial account. By breaking into the ACH (Automatic Clearing House) system, which is the infrastructure US banks use for electronic transfers of money such as direct deposit and auto bill pay, hackers have struck gold.
This type of wire fraud can be highly frustrating and costly for a larger business, while potentially devastating for a smaller one.
The problem is significant, but because the media reports relatively few instances of ACH fraud, public awareness is low.
To understand how ACH hacking works, we’ll look at a recent case in Maine. In 2009, PATCO Construction fell prey to ACH fraud when cyber criminals, over the course of one week and through numerous withdrawals, stole $589,000 from its commercial bank account.
According to The Sanford News, the debits did not match the normal pattern of transactions PATCO had established over the years with People’s United Bank, yet the bank failed to freeze the account. It was only after PATCO received a letter in the mail from the bank stating that an account receiving funds had an invalid number that company officials realized something was wrong.
After the discovery, the bank was able to rescue about $243,000 from the thieves. But that still left PATCO with a huge $345,000 loss. When the bank denied any responsibility for the transactions, PATCO sued. The case was finally settled in November 2012.
Ultimately, the construction company won the lawsuit and the bank agreed to pay back the remaining amount that it was unable to recover. But in spite of the victory, PATCO co-owner Mark Patterson told Bank Info Security that the time and cost involved in litigation did harm to both parties.
The unanswered question in future cases involving ACH transfer fraud is this: How much responsibility does each party have? In the PATCO case, the court ruled that under Article 4A of the Uniform Commercial Code, a commercial business can potentially have some duty to prevent such cyber crimes.
If PATCO had purchased cyber liability insurance, company officials could have avoided the time, effort, and money spent on their multi-year lawsuit.
We at INSUREtrust have been cyber liability insurance experts for over 15 years, and every day we help large and small businesses obtain the right policies for their particular needs.
Internet insurance doesn’t have to be expensive, but it is money well spent. The premium cost for a cyber insurance policy can be as little as $1000 for a $1 million policy limit.
Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for almost any risk.