Source: [id: 480744; name: Computerworld; isActive: true; siteId: 3] -- Computerworld -- http://www.computerworld.com/s/article/9153598/Poughkeepsie_N.Y._slams_bank_for_378_000_online_theft

Poughkeepsie, N.Y. Slams Bank for $378,000 Online Theft

The theft of $378,000 from the town of Poughkeepsie, N.Y. is raising questions about the responsibility of banks to protect customer accounts from online criminals.

By Jaikumar Vijayan

February 08, 2010Computerworld — The theft of $378,000 from the town of Poughkeepsie, N.Y. is prompting questions about the responsibility of banks to protect customer accounts from online criminals.

In a statement last week , a town official revealed that thieves had broken into the town's TD Bank account and transferred $378,000 to accounts in the Ukraine.

The thefts took place over a two-day period in mid-January during which a total of nine attempts were made to steal money. In the end, four of the attempts were successful, resulting in the lost money.

The thefts were discovered by town officials one day after they occurred. So far, TD bank has managed to recover $95,000, with efforts still under way to try and recover the rest. The theft is being investigated by local police, the FBI and the U.S. Secret Service.

It was not clear how the thieves gained access to the town's bank account and there was no immediate response from Town Supervisor Patricia Meyers to a Computerworld request for comment. But in other such cases, crooks typically break into commercial and retail bank accounts using stolen login credentials belonging to authorized users to transfer large sums of money to banks outside the U.S.

It's a trend that's been gaining steam in recent months. Late last month, Hilary Machinery Inc. of Plano Texas said its bank account was depleted by $800,000 after criminals broke into its account and transferred the money to accounts in Romania and Italy.

Last August, NACHA -- the Electronics Payments Association -- warned its 11,000 members about cybercriminals using stolen credentials to take over corporate accounts and initiate unauthorized transfers of funds via electronic payment networks. A similar alert by the Financial Services Information Sharing and Analysis Center identified organized cybercriminals in Eastern Europe as being largely responsible for the thefts. And the FBI's Internet Crime Complaint Center noted that as of October 2009 cybercrooks had attempted to steal approximately $100 million from U.S. banks using stolen log-in credentials.

Such thefts have prompted new scrutiny and criticism about the controls banks have in place for detecting fraudulent transactions.

In a statement, Meyers blasted TD Bank for failing to spot the fraudulent activity. "We find it unacceptable that movement, or attempted movement, of money from a Town account to an account in Eastern Europe did not immediately raise a "red flag" with the bank, was not questioned by anyone at the bank, but was simply processed," Meyers said.

"We are equally disappointed that in the three weeks since the thefts were detected, no representative from TD Bank has come to Town Hall to speak with us about the situation," she said.

Originally published on www.computerworld.com. Click here to read the original story.
RESOURCE CENTER