News & Perspective
Drugs & Diseases
CME & Education
Academy
Video
Decision Point

Specialty: Multispecialty
Allergy & Immunology
Anesthesiology
Cardiology
Critical Care
Dermatology
Diabetes & Endocrinology
Emergency Medicine
Family Medicine
Gastroenterology
General Surgery
Hematology - Oncology
HIV/AIDS
Hospital Medicine
Infectious Diseases
Internal Medicine
Multispecialty
Nephrology
Neurology
Ob/Gyn & Women's Health
Oncology
Ophthalmology
Orthopedics
Pathology & Lab Medicine
Pediatrics
Plastic Surgery
Psychiatry
Public Health
Pulmonary Medicine
Radiology
Rheumatology
Transplantation
Urology
Today on Medscape
Business of Medicine
Medical Lifestyle
Science & Technology
Medical Students
Nurses
Pharmacists
Residents
Edition: English

Medscape

English
Deutsch
Español
Français
Português
UKNew

Univadis

Sign Up It's Free!
English Edition

Medscape

Univadis

    X
    Univadis from Medscape

    No Results

      Tuesday, September 26, 2023
      News & Perspective Drugs & Diseases CME & Education Academy Video Decision Point
      Perspective > Medscape Business of Medicine

      What If Your Online Bank Account Is Hacked? Are You Stuck?

      Darrell Delamaide

      Disclosures

      August 02, 2012

      Introduction

      A modern nightmare: Your bank account is hacked and emptied through unauthorized transfers. Will your bank make you whole? It depends.

      Is it covered by the Federal Deposit Insurance Corporation (FDIC)? Nope. Should you worry? Probably.

      Cybertheft of banking and brokerage accounts is growing more sophisticated as hackers increasingly target small businesses as well as retail clients. Physicians need to be aware of the risks and liabilities from these attacks, both for their personal and professional accounts.

      How Bank Accounts Get Wiped Out

      Most people appreciate the convenience of online banking -- the 24/7 access from the comfort of home or office and taking care of transactions with a couple of clicks -- but it also introduces new risks. Criminals located anywhere in the world might be able to obtain the personal information that enables them to be you online and carry out transactions with your money as if they owned it. What happens next depends on several things, and these are things you should pay attention to.

      Regulators and the banking industry have developed fairly uniform methods for protecting depositors in case of bank failure, with deposit insurance or normal bank theft with banker's blanket bonds. But there is no uniformity yet on how to deal with cybertheft.

      Bank and securities regulators do have rules about when and how financial institutions must report a breach of their own cybersecurity to clients. However, the actual liability for lost funds depends on the contracts signed by the customer in opening an account.

      Many of the bigger banks, such as JPMorgan Chase, guarantee full reimbursement if their security is breached. Still, this is not uniformly the case, and many bank customers have had to go to court to try to recover their funds.

      Even more problematic are cases in which an account is hacked because the personal information has been obtained from your computer owing to lack of adequate security or precautions on your part. Some banks are treating this like leaving your purse unattended or having your wallet pickpocketed -- "Sorry for your loss, but you should have been more careful."

      Who's Responsible for Your Account Breach?

      According to Chris Loeffler, a cybersecurity expert at the law firm of Kelley, Drye & Warren LLP in Washington, DC, the fundamental question is, "Where is the hack?" If, for instance, someone with authority over the account responds to a "phishing" attack -- where the hacker poses as the bank or the Internal Revenue Service, for instance -- and releases credentials, "it gets a little problematic," says Loeffler.

      "Like any business, a physician's account has the responsibility to maintain proper levels of security," says Doug Johnson, the vice president for risk management at the American Bankers Association. These normally include appropriate levels of authentication, antivirus software, and dual control of the account.

      The Uniform Commercial Code, which is binding on physician practices as on all other businesses, requires "commercially reasonable" measures. But just what that term means in the context of cybertheft is still debatable.

      If it's clear that the financial institution is where the breach occurred, Johnson says, then the bank has the liability. If the liability is on the side of the customer, or if there is a breach of security on both sides, then reimbursement becomes a matter of negotiation or even litigation.

      Is There Strange Activity in Your Account?

      One gray area that has not been fully litigated is to what extent the bank is responsible for monitoring unusual activity in an account and alerting the customer.

      "There are new requirements at the federal level about transaction monitoring," acknowledges Doug Johnson.

      The question, says Chris Loeffler, is who is in the best position to monitor the account and to what extent the client has responsibility in this area. "There is not a bright line on this issue right now."

      The difference between identity theft involving credit cards and that involving bank accounts is that the customer sustains an immediate hit when a bank account is pilfered, notes Loeffler. "You are out those dollars immediately," he says.

      Bank accounts are insured by the FDIC up to $250,000, but only in the case of bank failure -- and only for actual bank deposits, not for other products, such as money market funds, that might also be on deposit in the bank.

      Some of these other products -- for example, securities on deposit at a brokerage house -- may be covered by the Securities Investor Protection Corporation (SIPC), another federal agency that reimburses clients for securities lost up to $500,000 when a firm fails. (Obviously, the insurance does not cover any loss of value in the securities, only the loss of the securities themselves when they are held by a failed firm.)

      But these federal agencies do not insure for loss from cybertheft. The FDIC Website says, "If a third party somehow gains access to your account and transacts business that you would not approve of, you must contact the bank and your local law enforcement authorities, who have jurisdiction over this type of wrongdoing." In other words: You're on your own -- good luck.

      processing....

      Feedback
      Help us make reference on Medscape the best clinical resource possible. Please use this form to submit your questions or comments on how to make this article more useful to clinicians.
      Pleasedo not use this form to submit personal or patient medical information or to report adverse drug events. You are encouraged to report adverse drug event information to the FDA.
      Find Us On
      About
      About Medscape Privacy Policy Editorial Policy Cookies Terms of Use Advertising Policy Help Center
      Membership
      Become a Member About You Professional Information Newsletters & Alerts Market Research
      App
      Medscape
      WebMD Network
      Medscape Live Events WebMD MedicineNet eMedicineHealth RxList WebMD Corporate Medscape UK
      Editions
      English Deutsch Español Français Português UK
      All material on this website is protected by copyright, Copyright © 1994-2023 by WebMD LLC. This website also contains material copyrighted by 3rd parties.