Corporate Account Take-over – Is a legislative remedy needed to protect banks and businesses from online fraud?
We can’t stop Automated Clearing House (ACH) fraud, but we can stop commercial victims from being stuck with the losses from ACH fraud. The American Bankers Association (ABA) and security services vendors offer diametrically opposed perspectives on this issue of how to prevent corporate account takeover attacks.
The ABA is currently lobbying for more protections for small business, pointing to the PlainsCapital-Hillary Machinery case, which revolved around the definition of “reasonable security”. The ABA says banking institutions won’t provide commercial customers with more protection unless they’re forced to do so. Current regulations protect only consumers – not small to medium-sized businesses. It just sounds so implausible that banks would allow this to happen to their commercial customers.
The Electronic Funds Transfer (EFT) Act, also known as Regulation E, was implemented in the United States in 1978 to establish the rights and liabilities of consumers as well as the responsibilities of all participants in EFT activities. Security vendors believe that amending “Reg-E” is a bad idea – one that would pit banks against their commercial customers. Changes on the retail side of Reg-E would completely absolve a retailer from any responsibility, and you can see from a community banking standpoint how that might be ineffective. When you place Reg-E protections in the business account environment, you potentially upset the business model, creating disincentives for the banks to provide basic products for commercial customers that they have come to expect.
Most vendors advocate stronger protections against database breaches coming from a more collaborative approach that takes banking and business interests into consideration. They believe that Community banks have the ability to protect customers, just like other larger banks do. The biggest risk with corporate account takeover is the damage it does to the financial institutions and their customers. At the end of the day, it’s all about shared responsibility to protect accounts.