14 DAY TRIAL // A new bill introduced by New York State Senator Charles Schumer seeks amendments to existent legislation, that would provide similar level of protection against bank fraud for municipalities and school districts, as it currently exists for consumers.
The Electronic Funds Transfer Act (EFT) stipulates that banks must absorb fraud losses occurred on consumer accounts, as long as the victims report the fraudulent activity in a timely manner.
However, commercial accounts are not protected in a similar way and the attacked organizations are usually left to deal with the losses by themselves.
Some of them resort to filing lawsuits against banks in an attempt to prove that their security was not "commercially reasonable," as stipulated in most contract agreements.
So far, the motives for challenging a bank's security in court have varied from case to case, but some involve the bank not blocking transfer requests from IP addresses never before used by the victim, unusually high daily transfer limits, lack of two-factor authentication, or failure to lock the account after being alerted.
During the last couple of years, there has been an unprecedented rise in fraud involving unauthorized ACH and wire transfers from the accounts of small businesses and non-profit organizations, as well as schools, churches and even towns and cities.
The majority of these incidents were the direct result of computers used for online banking being infected with malware like the infamous ZeuS trojan.
The US authorities have recently announced a major international law enforcement operation, which resulted in tens of ZeuS-related arrests around the country, as well as abroad in UK and Ukraine.
However, according to some experts, there are solid reasons why banks refuse to cover fraud losses for commercial accounts.
One of them is that they can't afford it. Attacks against businesses result in much higher losses than the attacks against consumers.
In most cases, the fraudsters manage to steal hundreds of thousands of dollars from a single business account and if a bank would absorb the loss, it will probably recover it by increasing their fees for all customers.
Some people argue that splitting the losses between banks and affected organization would be better, but legislation that would force banks to implement better security systems might ultimately be more beneficial.
Brian Krebs reports that it's unlikely for the new S. 3898 bill to be acted upon before the November elections, which means that it will probably be reintroduced early next year.