Gavel to Gavel: Sophisticated Hackers Mandate Heightened Protection for Wire Transfers

Crowe & Dunlevy

It used to be that banks only had to worry about old-fashioned robbers with a mask and a gun. Today’s sophisticated network hackers have presented banks and their customers with an entirely different adversary. Despite increased attention and preventive measures, losses from the compromise of business email and related wire transfer fraud cost Americans over $1.8 billion in 2020, according to FBI estimates. Considering that wire transfer fraud is often underreported, the losses are obviously significant and even sophisticated businesses are getting scammed.

Typically, a fraudster hacks into a company’s network and determines its wiring habits and processes. They then impersonate the owner or a senior executive and send wire instructions to the company’s bank that are like what has been done before. They even capture the executive’s own cursive signature from other scanned documents to electronically place it on wire transfer instructions. Often, the hacker also tracks the executive’s travel plans so they are out of the office when the fraud is initiated. Having received what looks like a legitimate transfer request, the company’s bank then wires the money to the fraudster’s bank, usually overseas, where it is usually withdrawn immediately.

Is the bank liable to its customer? Maybe. The Uniform Commercial Code provides generally that banks bear the risk for fraudulent payments but that the risk can be avoided if “commercially reasonable” security procedures have been implemented. Whether something is “commercially reasonable” depends on the facts of each case, but the standard can usually be met by entering into a wire transfer agreement with the customer that specifically states what is required to authorize the bank to send a wire on the customer’s behalf. Banks should then follow the agreed upon procedures to the letter.

Both banks and customers should also:

  • •Verify: Always verify information, even from trusted sources.
  • Use verification calls. Use independently verified phone numbers to confirm wire instructions verbally. Do not rely on email alone or trust information in an email. In most cases, a simple phone call could have uncovered the fraud.
  • Be suspicious. Question any wire transfer going to a location different from the party receiving the funds.
  • Train employees. Train employees to identify signs of fraudulent emails such as variations in addresses.
  • Report immediately. When a fraudulent wire is realized, report it immediately through clearing banks and to the FBI. Although rare, it is sometimes possible to catch the funds before they are gone forever.

This article first appeared in The Journal Record on November 10, 2021, and is reproduced with permission from the publisher.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Crowe & Dunlevy | Attorney Advertising

Written by:

Crowe & Dunlevy

Crowe & Dunlevy on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.