After being targeted by cybercriminals, a company borrowed $336,000 from their bank. The company has now refused to repay the loan or even acknowledge it was loaned any money. The bank has consequently taken the customer to court.
Wallace & Pittman is a company dealing with real estate, legal and escrow services. It was targeted by cybercriminals on May 9, 2012. The company which is based in Charlotte, N.C was the target of a sophisticated and well timed cyber heist. On the morning of May 9th, the company had just closed a real estate deal which amounted to $386,600.61. It had initiated a wire transfer of the same amount to a bank in Virginia Beach. Several hours later, cybercriminals initiated their own, but rogue transaction of $336,600.61 – exactly $50,000 less.
That very day at around 3 p.m, Park Sterling Bank which is based in Charlotte, and is the banker of the victim received a wire transfer order of $336,300.61 from the law firm. The bank insists that the order came through the law firm’s legitimate username and password. It also says that the order passed the PIN code, challenge and response test. Having verification, the bank processed the order which was destined to JP Morgan Chase, New York which was an intermediary. The funds were then transmitted onward to a Moscow-based bank.
Much later during the day, Wallace & Pittman received an electronic wire transfer confirmation. The firm called the bank and said that the wire transfer was not authorized. The firm also alerted the bank of an intrusion into their system by a hacker. It said that an electronic intrusion into its systems resulted in the installation of a certain strain of a keystroke-logging virus. The firm suspected that rogue virus was enjoined in a phishing email which had been designed to look as though it came from National Automated Clearing House Association (NACHA). NACHA is a trusted network used by many entities for a wide range of financial transactions in the U.S.
Park Sterling Bank like many banks in U.S allocated a provisional credit to the law firm. This credit is supposed to protect the customer from overdrawing their trust account. This is also done to allow for some time if the wire transfer will be returned. Both parties having realized what had just happened, PSB informed the customer that the money credited in its account needed to be refunded by the end of the month.
On the day the loan was to be billed the loan amount to the trust account of the firm, a complaint was filed by Wallace & Pittman against the bank. On that very day, May 30, 2012, the firm obtained a temporary order restraining the bank from debiting any of the firm’s accounts with the loan amount. Wallace & Pittman pulled the carpet from under the bank by withdrawing all the monies in its three accounts at the bank the following month. Consequently, the restraint was dismissed.
PSB went to court to have its former customer pay back the loan plus interest accrued. However, Wallace & Pittman countered the PSB’s claims by saying that never did the bank, before the return of the funds, specifically say that the funds credited to its trust account were a provisional credit. In fact, the bank only started calling the ‘returned funds’ as provisional credit ten days after it had credited the firm’s account. To prove their point, the firm produced its bank ledge transactions where the bank is seen to have initially classified the amount as ‘reverse previous wire entry’.
Wallace & Pittman refused to comment on the ongoing court battle with its former bank. However, the firm says that the allegations by the bank are unfounded as at the time of the theft, it did not have in place commercially reasonable security procedures to allow it run secure online banking services. To solidify its case, the law firm added that the IP address used for the fraudulent transfer was not associated with it. Moreover, the bank knows that the law firm had never before initiated a wire transfer to Moscow or to any other place outside the U.S.
According to Wallace & Pittman, PSB was in a positioned to question the authenticity of an international wire transfer coming from the firm. The firm further states that the bank was in a good position to know of the many cyberheists being conducted today especially those involving Russian based gangs.
According to the law firm, PSB security authentication process involves a couple of passwords. To transfer money online, all one had to do was enter their username and password. When a customer wants to do a wire transfer, one was supposed to enter a banking ID and a 4-digit static wire code.
There would be two challenge questions after the wire code was transmitted. According to Wallace & Pittman, their answers to the challenge questions were always the same. The bank had preprogrammed the questions based on the instinctive simple four letter word.
But as the story transpired later, the law firm was seen to be liable of the cyberheist and not the bank.