Posts Tagged: Jim Payne


26
Jun 12

Bank Settles With Calif. Cyberheist Victim

A California escrow firm that sued its bank last year after losing nearly $400,000 in a 2010 cyberheist has secured a settlement that covers the loss and the company’s attorneys fees. The settlement is notable because such cases typically favor the banks, and litigating them is often prohibitively expensive for small- to mid-sized businesses victimized by these crimes.

In March 2010, organized computer crooks stole $465,000 from Redondo Beach, Calif. based Village View Escrow Inc., sending 26 consecutive wire transfers from Village View’s accounts to 20 individuals around the world who had no legitimate or previous business with the firm. The escrow firm clawed back some of the stolen funds — $72,000 — but that still left Village View with a $393,000 loss, forcing the company’s owner to take out a personal loan at 12 percent interest to cover the loss of customer funds).

In June 2011, Village View sued its financial institutionProfessional Business Bank — arguing that the bank was negligent because it protected customer accounts solely with usernames and passwords. Last week, Village View announced that it had reached a settlement with its bank to recover more than just the full amount of the funds taken from the account plus interest for Village View Escrow.

Kim Dincel, a shareholder at Silicon Valley Law Group, which represented the plaintiffs, said the Uniform Commercial Code and its corresponding California Commercial Code limits the damages resulting from wire transfer fraud to only the actual amount of money lost plus interest – nothing more.  Common law claims such as negligence, breach of contract and fraud, and the damages that attached to them, are generally precluded from being asserted by a victim of wire transfer fraud in a lawsuit involving wire transfer fraud, he added.

“Banks typically deny liability for the cyber-theft which forces small businesses to spend money they do not have on legal fees and regulatory expenses in order to recover a limited and defined set of damages under the Uniform Commercial Code (UCC),” Dincel said in a prepared statement released Monday.

The Bank of Manhattan, which acquired Professional Business Bank last month, did not return calls seeking comment.

Continue reading →


23
Nov 10

Escrow Co. Sues Bank Over $440K Cyber Theft

An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines.

The attack against Springfield, Mo. based title insurance provider Choice Escrow and Land Title LLC began late in the afternoon on St. Patrick’s Day, when hackers who had stolen the firm’s online banking ID and password used the information to make a single unauthorized wire transfer for $440,000 to a corporate bank account in Cyprus.

The following day, when Choice Escrow received a notice about the transfer from its financial institution — Tupelo, Miss. based BancorpSouth Inc. — it contacted the bank to dispute the transfer. But by the close of business on March 18, the bank was distancing itself from the incident and its customer, said Jim A. Payne, director of business development for Choice Escrow.

“They said, ‘We’re going to get back to you, we’re working on it’,” Payne said. “What they really were doing is contacting their legal department and figuring out what they were going to say to us. It took them until 5 p.m. to call us back, and they basically said, ‘Sorry, we can’t help you. This is your responsibility.'”

A spokesman for BancorpSouth declined to discuss the bank’s security measures or the specifics of this case, saying the institution does not comment on ongoing litigation.

According to documents filed today with the Circuit Court of Greene County, Mo., BancorpSouth’s most secure option for Internet-based authentication requires the customer to have one user ID and password to approve a wire transfer and another user ID and password to release the same wire transfer. The other option — if the customer waives or does not choose dual control — requires one user ID and password to both approve and release a wire transfer.

Choice Escrow’s lawyers argue that because BancorpSouth allowed wire or funds transfers using two options which were both password-based, its commercial online banking security procedures fell short of 2005 guidance from the Federal Financial Institutions Examination Council (FFIEC), which warned that single-factor authentication as the only control mechanism is inadequate for high-risk transactions involving the movement of funds to other parties.

“BancorpSouth should have, and could have, offered a commercially reasonable multifactor authentication method, since it had ample time (more than four years, October 2005 to March 2010) and knowledge of the need and requirement to provide its customers with secure authentication methods, as evidenced from the numerous documents it received, and/or knew about or should have known about, from the FFIEC and FDIC,” the complaint charges.

Continue reading →