He Said, She Said: Fingerpointing Continues in Cases of Online Account Takeover
The receiver for the now-defunct Efficient Escrow Services (based in California) is suing its former bank over a $1.5 million account takeover attack that occurred between December 2012 and January 2013 and drained the company’s funds, BankInfoSecurity reported yesterday.
Efficient Escrow Services had their accounts trained over three separate fraudulent wire transfers. In December 2012, $432,000 was taken from the account. In January 2013, two wire transfers occurred within days of each other, each one totaling around $563,000, putting Efficient Escrow Services at a loss of over 1.5 million. The losses were not noticed until February 22nd, and by then it was far too late for the bank to recover the funds. The funds from the first transfer ($432,000) were eventually recovered, but Efficient Escrow Services was still out 1.1 million, leading them to close their doors.
The lawsuit brought by Peter Davidson of Ervin, Cohen, and Jessup LLP and the appointed receiver for Efficient Escrow, alleges that the bank had insufficient security procedures in place at the time of the incident, and therefore did not act in good faith when it approved the wire transfers. The bank counters that employees at Efficient Escrow were receiving email notifications of the transfers, which if accurate, makes the delay on Efficient Escrow’s part even worse. The lawsuit is asking that the bank award Efficient Escrow the 1.1 million it never recovered.
Furthermore, Efficient Escrow alleges that the tokens used to authenticate wire transfers was somehow overridden by the bank. According to the BankInfoSecurity article, Dan Mitchell, the attorney who represented the infamous PATCO case, says that if the authentication procedures were in fact commercially unreasonable, that it could be a “big deal” for the issue of online account takeover.
This story is all too familiar. Businesses are not covered under Regulation E, a law that fully protects consumers in cases of online fraud. While it’s still up in the air whether Efficient Escrow Services neglected to keep tabs or if the bank’s security was commercially unreasonable, it’s clear that businesses struggle with receiving any type of protection in cases of online account takeover.
To learn more about online account takeover and how you can protect yourself, download our whitepaper “The Business Guide to Account Takeover Protection.”← Back to Invoice-to-Blog