Dedicated to Deposits: Deals, Data, and Discussion

Internet Banking and Fraudulent Transfers



One fear that people have with internet banking is having their money stolen by electronic means. Bank-to-bank transfers via ACH make it easy for consumers to transfer money, but unfortunately, they can also allow tech-savvy criminals to steal your money. Here are two possible ways that money can be stolen via ACH transfers:

  1. An ACH debit originates from your bank. This could happen if someone has your password, logs into your account, sets up an external link, and transfers out money.
  2. An ACH debit that originates from another bank. If someone has your bank's routing number and your account number, they could pull funds from your account.

As you can see, the second way can be easier for the criminal. If you dispute an unauthorized ACH transfer (for #2 above) within 60 days, the bank will likely refund the lost money, since the bank itself is not liable for it. After 60 days, it can get more complicated.

An example of what can happen if you wait too long was provided by FW member leony in this FW thread. He described how his father-in-law had a fraudulent debit of over $1,900 from his FNBO Direct online savings account. Since it was discovered many months after the incident, FNBO Direct is claiming that it's too late for them to do anything:

My father-in-law has an FNBOdirect online savings account. Because he never received any paper statements, he just never bothered to look at his account. Today he discovered that in October of last year, there were 2 unauthorized transfers of $1900+ each to some unknown bank account in BoA! He called FNBO and they told him it's too late to do anything.

The FW member lastgaspjr has a useful description of the regulations involved, NACHA and the Federal Reserve Regulation E, and he describes how Regulation E can help in this case. Here's an excerpt:

Federal Reserve Regulation E makes a consumer's bank liable for unauthorized electronic transfers from a consumer's account. There is no time limit for filing a claim of unauthorized electronic transfer under Regulation E if the transaction does not involve an "access device" (such as a debit card).

Even though the customer may have Regulation E on his side, the bank is likely not to make it easy for him to get back his stolen money since the bank can't pass on the cost to the other bank where the fraudulent ACH originated.

This reminds me of an incident that I had with my credit union. I had a mysterious ACH debit of around $100 from my reward checking account. I had an account alert that sent me an email when my balance went below a threshold, so I was able to report the problem immediately. This turned out to be the credit union's mistake, and they quickly refunded the money after I reported it. Setting up account alerts when your balance falls below a certain threshold is a good way to monitor your accounts.

This issue of a bank's liability for ACH transfers is one reason why some banks place many limitations on their ACH transfers. I reviewed these details in this post on restrictive ACH policies.

I haven't had time to read through Regulation E to confirm all the details mentioned in the FW thread. Please leave a comment if you can provide insights into this regulation.




Comments
10 Comments.
Comment #1 by 51hh posted on
This is an example of a worst nightmare, especially for "loaded" RCAs (i.e., $25,000 or $50,000 per account).  The protection is (1) password stage: make password difficult, change it frequently, etc. (2) watch one's account(s) like a hawk (daily is preferred), and (3) Equip computer with strong security and anti-virus (and spyware) software.

4
Comment #2 by 51hh posted on
And (4) implement account alerts, if available: Many banks (e.g., BofA) now offer e-mail alerts (e.g., when balance falls below a customer-specified amount or when a transfer above certain amount is made).  This is a very useful feature that we all should urge our banks to offer.

4
Comment #3 by Anonymous posted on
Just a heads up. WSUPP (Written Statement Under Penalty of Perjury) have recently been supplanted by WSUD (Written Statement of Unauthorized Debit). It's the same document, but no longer requires notarization.

3
Comment #4 by Anonymous posted on
In fact, this week a fraudulent ACH check for over $100 was submitted to my credit union (and paid).  It originated from a local grocery store, one that is miles from my part of town.  CU has now closed that account and opened a new one.  The problem is, the credit union has a list of ACH transferees/transferors that are authorized for my account, and the originator of that ACH check was not on the list but the item paid anyway.  If I hadn't been notified by email of a paid check, I wouldn't have known until my next statement.  Most likely this started with a new rewards checking account I set up (and then closed) with a small bank about 150 miles from here -- it required ACH to be set up.  I closed it because of concerns about their lax security, but two weeks later, this happened with my primary (credit union) account, where the small bank's ACH transfer would have withdrawn funds.  The connection, although not provable, seems obvious.  I think ACH transfers are dangerous.  

1
Comment #5 by Anonymous posted on
Banking Guy,
The refund of the claimed money is not that simple. Most banks require that you make the dispute in writing on a notarized letter. You may not have access to all of your funds in the account until the account is investigated and the bank may close your account for future protection of fraudulent withdrawals.
If the amount is substantial, you need to contact the local police and file a fraud report before the bank releases the money back to you. It happened to me not so long ago.

 

4
Comment #7 by 51hh posted on
Hi Grady (#6):

That is a very good question.  I used to be multiple savings at 6% or more APY (5-6 years ago).  Then came the RCAs and I am hooked with them.  The majority of my cash is in RCAs, witnessing them from 6% APY to 4%... now averaging 3.5%.  Meanwhile, I already did some major RCA "hopping" and I repent:D.

As I said before, when all RCAs are below 4%, that may be the time I bail out.  It may not happen for another year or so.  Then I will (1) return all my HELOC fund (accounts for 50% of my cash), (2) invest in low-risk well-allocated mutual funds with a short time horizon (maybe hybrid fund like OAKBX), (3) keep cash in low-interest RCAs (a compromise when it is a must, 3% may not look that bad then; recall at the 6% era, 4% looks pretty low...).

Like my GF Scarlett said, "I will think about it tomorrow; after all, tomorrow is another day!!!".

3
Comment #10 by 51hh posted on
Grady: Sorry a bit off-topic; but thanks for the tips.  Have not researched mutual funds for a while.  All my 401K fund is mostly in TIAA 3.5% APY retirement annuity, with about 12% in equity (diversified in Fidelity mutual funds).  Since the stock market never recovered, it is meaningless to research mutual funds at this time.  I may eventually learn more about bonds.  I do have strong interest in investing in general.

For now, RCA seems to be a good investing vehicle for immediate cash, with a lot of monitoring and care.  Another caution I have is to limit daily debit/ATM amount to $100 each, if permitted by banks.

1
Comment #11 by Anonymous posted on
As an account holder, it is your responsibility (to which you contractually agree during account set up) to reconcile your bank account and to notify your bank of any errors (per Regulation E) during a specified amount of time.  Your father's failure to do this is simply irresponsible. 

I'm not suggesting he deserved what happened to him, just that he take responsibility for his failure to live up to his contractual obligations. 

1
Comment #13 by Rosedala (anonymous) posted on
Hello 51hh, pardon my ignorance but... what does RCA stand for?  Thanks.

2
Comment #15 by Rosedala (anonymous) posted on
Thank you Anonymous #14!    :o)

1