Dedicated to Deposits: Deals, Data, and Discussion
Featured Savings Rates
Featured Accounts

Protect Your Business Bank Account From Hackers

Friday, January 18, 2013 - 5:58 AM
Clark Howard has long warned business owners that they could lose money if their bank accounts are hacked. He offers some more stats and tips in this January 17th show notes:
According to a recent New York Times story, more than 10% of small businesses have now had funds stolen from bank accounts, with loses amounting in the billions.

Under the current law, a business is not protected by a bank when a hacker breaks into a business account.

Read more
3
Ken TuminKen Tumin5,469 posts since
Nov 29, 2009
Rep Points: 125,077
1. Friday, January 18, 2013 - 11:02 AM
More fundamentally, there is vulnerability for the wiring/ACH system we have now.  All the information needed for ACH or wiring is the routing number and the account number.

If one has a check for the said account, that is it (the wiring routing number may be different from that of ACH, but it is easily obtainable).

I think that there should be added required information for enahnced ACH/wiring.  For example, EIN or social security number, name/date of birth of owner; secret password (Measure 1 by Howard Clark).

The way the system works now, anyone can hack it in a minute.  Hello??
3
51hh51hh1,476 posts since
Jan 16, 2010
Rep Points: 6,426
2. Friday, January 18, 2013 - 12:55 PM
That is a good idea. It does seem too easy to do an ACH debit of an account with just a routing and account number.

However, there does seem to be some behind-the-scenes checks inside the banks, especially the banks that originate the ACH transfers. As I described in this November post, there are rules that banks must adhere to when ACH debits are done. It would be better if the transfer system was set up so that fraudulent transfers wouldn't be possible in the first place.
1
Ken TuminKen Tumin5,469 posts since
Nov 29, 2009
Rep Points: 125,077
3. Friday, January 18, 2013 - 10:20 PM
Ken,

Thanks for the internal bank-checking information.

I am very nervous with ACH system.  It is not particularly aimed at fraudulant access.  It is a tested vulnerability.  I once had an unauthrized ACH debit for my account with a large credit union.  Fortunately I discovered it within a day. 

They checked the source and decided it was meant for a slightly differnt account number of the same credit union.  So technically there is a high likelihood that an ACH can wrongly debit an account simply due to numerical or human errors. 

It highlights the extreme importance to check one's account constantly for errors!

51
1
51hh51hh1,476 posts since
Jan 16, 2010
Rep Points: 6,426
Reply