Petronella Blog Archive


Ecuadorian Bank Sues Wells Fargo After Cyber Thieves Steal $12.2M


Banco del Austro (BDA), a bank in Ecuador, filed a lawsuit against Wells Fargo Bank (WFB) for failing to flag suspicious transactions made on January 21, 2015, in which $12.2M was transferred from an HSBC account in San Francisco to multiple accounts in Hong Kong, two accounts in the U.S. (one to a WFB account in Los Angeles and another to a Chase account in NY), and another account in Dubai. Of the $12.2M, WFB discovered and returned $1.85M, but BDA is seeking full compensation.

These types of hacks are happening more and more often, as an increasing number of banks move toward implementing real-time payments and automated clearing-house systems. These automatic transfers can be advantageous when money is needed immediately; however, they do not give financial institutions the time they may need to investigate suspicious activities.

In order to make these types of international transactions more secure, participating banks use the Society for Worldwide Interbank Financial Telecommunication's (SWIFT) messaging systems. SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services. The SWIFT website states that “through SWIFT, banks, custodians, investment institutions, central banks, market infrastructures and corporate clients, can connect with one another exchanging structured electronic messages to perform common business processes, such as making payments or settling trades.”

It should come as no surprise that hackers are emulating these SWIFT messages so that they can successfully transfer funds instantly, without setting off any red flags. This theft was not a SWIFT breach; according to official court filings, “an unauthorized user remotely accessed BDA's computer system after hours, logged onto the SWIFT network purporting to be BDA, and redirected transactions to new beneficiaries with significant dollar amounts."

The Case for BDA

BDA is blaming WFB for not spotting possible fraud. They stated that the large sums and the late hour, combined with the fact that the transfers went to multiple accounts across multiple countries, should have set off the fraud bells. In fact, the hackers also attempted to transfer over one million dollars from a US Citibank account to accounts in Dubai and Hong Kong, but Citibank blocked those transfers.

BDA states in their lawsuit that WFB has a contractual agreement to “verify the authenticity of SWIFT payment orders pursuant to the SWIFT authentication procedures in accordance with the SWIFT User Handbook," and to follow general US commercial banking practices, such as “'know your customer' and fraud detection policies and procedures designed to detect and deter suspicious activity in the accounts."

WFB Petitions Court for Dismissal

BDA questions whether WFB followed applicable US statutes and regulations. According to a WFB court document, BDA is blaming WFB for failing to “...conduct due diligence for BDA's benefit and to stop the transfers at issue.” This same document goes on to state that, because of the mutual agreement to SWIFT procedures, “compliance with these statutes and regulations is irrelevant to Wells Fargo's obligation under [New York Uniform Commercial Code]."

Liable if You Do, Liable if You Don't

Most people have had to wait for checks to clear or funds to be transferred. This can be frustrating, especially if there is an immediate need. However, banks need to protect themselves from hackers and fraud by making sure that the transaction is valid.

Now, when large sums of money are involved and stakes are high, banks run the risk of being held liable for proceeding with caution. But if a transaction is fraudulent, banks run the risk of being held liable for their lack of caution.

SWIFT Security Question

This is the third attack to have been recently reported to SWIFT, two of which were successful. The total theft is reported to be nearly $100M. U.S. Government officials are starting to take notice. “These cyberattacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks,” Sen. Tom Carper (D-Del.) wrote.

SWIFT has warned customers to take a more proactive approach in detecting fraudulent messages. SWIFT is in no way being held responsible, but even so, the Wall Street Journal reports that the Belgium-based business is taking steps to improve security, such as centralizing “all information about ongoing attacks and security measures in a restricted section of its website."