In 2010, an Oregon based hay maker fell victim to a cyberheist which cleaned its bank account close to $250,000. The agricultural products company is now suing its bank in an effort to recover the stolen funds. Just like many other companies which have fallen victim to cyberheists, this company is suing to try and make its financial partner take more responsibility in this expensive and unfortunate event.
The attacks on Oregon Hay Products started on September 1st in 2010. It was discovered that criminals had managed to hack into the company’s bank account and started making illegal wire transfers. The hay compressing company which is based in Boardman, Oregon got robbed of $223,500. Over a period of three days, the criminals managed to spirit away three transfers each of just under $75,000.
The lawyers of the company intimated that the company had set a $75,000 daily limit on all outgoing transfers. The thieves were inhibited by this and were only able to transfer $74,800, $74,500, $74,200. The transfers went to JSC Astra Bank, Ukraine. Based on the official complaint filed in the Umatilla County Circuit Court, all of the three transfers targeted the hay company’s checking account found in a Community Bank located at James, Oregon.
For a whole two weeks after the cyberheist, neither the victim nor their bank detected anything amiss. It was only after Oregon Hay Products tried accessing its account to no avail that the theft was discovered. Both parties refused to talk on this story.
As it happens, when cyber criminals strike, business enterprises are not as legally protected like other banking customers in the consumer section. In fact, many companies have found themselves being held responsible for such phishing and account takeovers by criminals. Many businesses have fallen victim to the cybercriminals in the recent past. However, despite the stark odds against them, some businesses are opting to sue their banks for recovery of stolen monies.
WHO IS LIABLE?
Most states in U.S have adopted the Uniform Commercial Code. This code states that any payment order that a bank receives irrespective of whether it’s authorized or not will be honored. However, the bank should follow a security procedure or process that is commercially viable so as to keep off unauthorized transactions. Further to this, the bank should show that it accepted the payment order not only in good faith but in compliance with any written agreement or instructions from the client.
Oregon Hay Products brings its case forward based on the credence that the Community Bank online security procedures were not in line with UCC’s Article 4A. It claims that the bank’s security procedures were not commercially viable considering the modern complicated and sophisticated threats. The company also alleges that bank did not accept the payment order in good faith.
According to the plaintiff, the bank’s security system fell short of the stringent Federal Financial Institutions Examination Council (FFEIC). The council recommends that banks put in place a multi-factor authentication process in order to identify and verify all users who are using its online banking software. This process requires that the bank presents two to three authentication factors. These factors include;
- A password or PIN (something the user know)
- A smart card or a one-time ticket (something the user has)
- A fingerprint or an iris scan (something which a user is)