Bank of America hit with lawsuit over electronic transaction
A Miami businessman is suing Bank of America to recover $90,000 that he
claims was stolen and diverted to a bank in Latvia after his computer was
infected by a "Trojan horse" computer virus.
Although consumers are routinely hit with "phishing" E-mails carrying bank
logos intended to dupe them into revealing IDs and passwords, this is the
first known case of a business customer of a U.S. bank claiming to have
suffered a loss as a result of a hacking incident.
In a complaint filed earlier this month, Joe Lopez, owner of a computer and
copier supply business, accused Bank of America of negligence and breach of
contract in not alerting him to the existence of a virus called "coreflood" prior
to April 6, 2004, the date the alleged theft took place. In July, the bank sent
a letter to users of Bank of America Direct, its online business banking portal,
alerting them to a new "dual administration" feature requiring the approval of
at least two individuals to execute a funds transfer. The letter also
recommended that clients install antivirus software.
The $90,000 was transferred from Lopez's account to Parex Bank in Latvia,
according to the complaint. Shortly afterwards, $20,000 was withdrawn from
Parex by unknown individuals; the other $70,000 has been frozen by Latvian
A letter from the U.S. Secret Service to Lopez in November stated that
Lopez's PC was found to be infected by coreflood, which logs victims'
keystrokes through a backdoor installed on their computers. The Secret
Service had been called in to investigate by Bank of America, says Lopez's
attorney, Ralph Patino. "The Secret Service took my client's hard drive and
came up with the fact that it was infected," he says.
Bank of America says in a statement that an internal review turned up
nothing unusual about the way the transaction had been handled and that
the bank had followed all required security procedures.
Bank of America is on fairly solid ground legally, experts say. "A bank can't
be expected to be responsible for safeguarding its customer's computer
environment against all forms of attack," says Maggie Scarborough, research
manager at Financial Insights.
At the same time, the possibility that its online banking system is vulnerable
to attack is troubling. "Bank of America has invested millions in security,"
Scarborough says. "Yet users still don't understand all the risks inherent in
online banking, and banks can't depend on users to protect themselves."
Courtesy Buys Inc., Attorneys