Joe Lopez, a Miami businessman who regularly conducts business over the Internet, is suing Bank of America for negligence and failure to provide protection for online banking risks of which he claims the bank was aware. Last April, Mr. Lopez's computer system was hacked into and $90,348.65 was wired from his account at Bank of America to a bank in Riga, Latvia without his approval.
Ralph Patino, Mr. Lopez's lawyer, claims Bank of America had knowledge of a virus called coreflood, a Trojan horse virus known for infiltrating and compromising security systems and enabling unauthorized access to infected computers, and therefore the bank had a responsibility to inform its customers of the virus.
In addition, Mr. Patino argues that the bank should have been alerted when the transfer of such a large sum was initiated. He claims that Latvia, along with Russia, Eastern Europe, and the other Baltic states are known for having a high level of cyber-criminal activity and thus a large monetary transfer to that part of the world should have been questioned.
Bank of America is taking the position that since the bank's own computers were not hacked, the bank has no responsibility for the loss. Parex Bank, the bank in Latvia that received the money, has frozen $70,000 of the $90,000 transfer while the investigation is pending. The rest of the money was withdrawn by someone with access to the account prior to the funds being frozen.
Avivah Litan, vice president and research director for research firm Gartner Inc. and an online fraud expert, suggests that banking cybercrime cases such as this one may result in banks adopting stricter security measures in the future. "Banks can't reasonably expect consumers to protect themselves from cybercriminals," said Ms. Litan. She believes that consumers need banks to offer greater security if they want online banking to increase. Gartner Inc. predicts that within two years, "50 percent of today's stronger methods for customer authentication will no longer be strong enough to be a safeguard against phishing and malware."
Mr. Lopez has replaced as much of the stolen money as possible with his own personal funds while he awaits a decision by the Miami Circuit Court. And he has stopped wiring money online.