Corporate Account Takeover

Corporate account takeover

Corporate account takeovers can cost you millions.ย 

Some thieves gain control of company bank accounts using a corporate account takeover scheme. And with that control, they steal money. Below youโ€™ll see how this type of theft occurs.

Corporate account takeover

On March 17, 2010, cyber thieves hacked into the computers of Choice Escrow and stole theย login ID and password to their online banking account. With that information, the thieves were able to submit a $440,000 wire transfer from Choice Escrowโ€™s bank account to an account in Cyprus.

When Choice Escrow and the bank were unable to resolve their differences, Choice Escrow filed suit. The back-and-forth legal battle lasted until March 18, 2013, when a court ruled the loss was the responsibility of Choice Escrow. A major determining factor in the decision was Choice Escrowโ€™s refusal of the dual control security mechanism offered by Bancorpsouth Bank. According to Article 4A of the Uniform Commercial Code, if an institution offers a reasonable security procedure to a commercial customer and that customer turns down that security procedure, then the customer is liable in the event of a loss.

Bancorpsouth Bank offered dual control to Choice Escrow twice. Not only did the bank offerย this security feature to Choice Escrow, but Bancorpsouth also documented the customerโ€™s refusal to use the security feature. The documentation of the customerโ€™s refusal of the security features was a determining factor in this case. From a bankโ€™s perspective, this case underscores the importance of a written agreement with commercial online banking customers and, more importantly, the importance of documenting the security procedures offered to those customers. From a userโ€™s perspective, the case highlights the need to use the security procedures offered.

Corporate Account Takeover

Corporate account takeover is a term which has become more prevalent over recentย years. Generally speaking, corporate account takeover occurs when an unauthorized person or entity gains access or control over another entityโ€™s finances or bank accounts. This usually results in the theft of money in the form of fraudulent wire transfers or ACH transactions.

These fraud schemes first began to be noticed in 2005 but have since become much more widespread and frequent. Recent statistics have revealed that the fraudsters carrying out these schemes are actually becoming less successful in getting money out of a bank account. This reduction is due to both increased efforts on the part of the financial institutions, as well as better education of the customer to help them avoid becoming a target.

Usually, the financial institutions themselves are not the targets of the attack but rather theย corporate customers of the institution. Using malware, social engineering,ย and various otherย methods, the fraudster obtains information about the customerโ€™s online banking credentials.ย Once the online banking credentials have been obtained, a request for wire or ACH transfersย is placed by the thief. Any business may be targeted for these types of attacks, but those atย risk mostly are small businesses, governments, and nonprofits who have limited resources to protect against such threats.

So take these precautions to lessen the chance of a corporate account takeover.ย 

Learn from my CPA Hall Talk newsletter!

Get my free accounting and auditing digest with the latest content.

Powered by Kit

3 Comments

  1. If a bank client refuses the additional security, the bank should not be held responsible.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.