by Dave Moore, 1-13-19
Have you ever actually read the agreement you have with your bank, or did you simply “sign on the line,” ignoring the pesky details about who’s required to do what?
After all, who can understand all that ridiculous legalese, anyway? Who’s got time for such hassles?
Many businesses are discovering the hard way they need to make time for such hassles after having their online bank accounts drained by Internet crooks. After losing many thousands of dollars, they are learning the agreements they signed do not obligate their banks to cover their losses. These victims may just have to kiss that stolen money goodbye forever.
A little-known fact about Internet banking is that different rules apply to individual, personal accounts as opposed to business accounts. Banks are required to make good some types of losses from personal accounts. While banks are required to provide “commercially reasonable” online security measures, federal regulations regarding reimbursement to personal accounts do not apply to business accounts.
Most online banking agreements for personal accounts encourage individuals to practice good computer security, such as the following:
“You are responsible for keeping your password, account numbers, personal identification information and other account information confidential. You are also responsible for using a compatible web browser that has a high security standard. The Bank is not responsible for customer errors or negligent use of Online Banking and will not be liable for losses due to negligent handling or sharing of passwords or leaving your computer unattended during access.”
Even with that stern language, losses from personal accounts are limited, and most agreements continue with the following:
“If your account has been compromised and you tell The Bank within two (2) days after you learn of a loss or theft, you can lose no more than $50 if someone used your online password to access your account. If you do not tell us within two (2) business days, and we could have stopped someone from taking money without your permission, you could lose as much as $500.”
In other words, if you find out your personal, individual online bank account has been hacked and you have lost money, and you report the loss in time, your losses are limited. Contrast that with the following, which is representative of most online banking agreements for business accounts:
“You agree to be bound by any transfer, instruction or payment order we receive through the Services, even if it is not authorized by you, if it includes your password or is otherwise processed by us in accordance with our security procedures. You agree to establish, maintain and update commercially reasonable policies, procedures, equipment and software that will safeguard the security and integrity of your computer system and information from unauthorized use, intrusion, takeover or theft, and prevent your password from unauthorized discovery or use.”
“You bear all risk of fraudulent transfers and other losses arising from your failure to follow this agreement or from the interception of your communications prior to their receipt by us. You agree that The Bank is authorized to execute, and it is commercially reasonable for us to execute, any instruction received by us with your password.”
Put plainly, if you, as a business owner, do a crummy job of protecting your online banking passwords, and your business gets ripped off, too bad for you. Under the terms of the agreement you signed, the bank is not obligated to cover your losses.
Banks are required to provide “commercially reasonable” online security measures to protect their customer’s accounts, both personal and business. Recent court decisions are beginning to clarify what that means, and some banks with shoddy security protections have been held liable for business account losses in spite of the disclaimers contained in their online banking agreements.
Keep in mind, though, that, even with courts requiring banks to provide stronger, “commercially reasonable” security for online banking, business customers cannot expect the same loss coverage as individual customers. Read the agreement you signed. If your bank is doing a good job security-wise, and your business gets ripped off because your security stinks, you may be up the proverbial creek without a paddle.
Dave Moore has been fixing computers in Oklahoma since 1984. As founder of the Internet Safety Group, he also teaches Internet safety workshops for public and private organizations. He can be reached at 405-919-9901 or www.internetsafetygroup.com