Bank Agrees to Pay Cybercrime Victim $600,000


Professional Business Bank has agreed to pay a $600,000 settlement to Village View Escrow after $465,000 was stolen from the escrow company's account in March of 2010.

"Village View sued its bank over the cybertheft," writes Reuters' Andrew Chow. "But because of the Uniform Commercial Code, the company's lawyers first had to persuade a judge to allow the lawsuit to proceed. Under the UCC, a federal code for merchants that's been adopted by most states including California, a victim of wire transfer fraud can only recover the amount of money stolen, plus interest. The UCC also does not allow claims of negligence or fraud, according to PCWorld."

"Village View Escrow sued anyway, contesting Professional Business Bank's assurance that a user ID and a password constituted a state-of-the-art online banking system," writes PCWorld's Jeremy Kirk. "The lawsuit further alleged that Professional Business Bank didn't follow federal online banking security advice, including using multifactor authentication. Single-factor authentication is a user ID and a password, while multifactor authentication is a user ID, a password plus something a user has, such as a one-time passcode token. Cybercriminals can easily obtain a user ID and a password by installing malicious software on a computer, but it is more difficult to breach multifactor authentication systems."

"Sophisticated cyber attacks on small- to mid-sized businesses -- and title and escrow firms in particular -- have not subsided," writes Krebs on Security's Brian Krebs. "In the past three months, I’ve spoken with two other title companies that suffered significant losses from cyber heists, including one in Maryland that saw nearly $1.7 million worth attempted fraudulent transfers (that firm ended up losing a little more than $500,000, and is currently in negotiations with its bank)."