Call me: 609-203-3666 - Banking Expert Witness

Wire Transfer and Automated Clearing House (ACH) Fraud

The past decade has seen an enormous increase in the amount of wire transfer and automated clearing house (ACH) fraud. This increase in fraud is the direct result of dramatic increase in the number of business and consumer transactions that take place over the Internet using cloud-based email services. The most common is a scam known as Business Email Compromise or, as it is sometimes called, email account compromise.

The Federal Bureau of Investigation explains this type of fraud as follows:

There are a number of BEC scam variants. One of the most effective types is initiated through phishing emails designed to steal email account credentials. Cyber criminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cyber-criminal to target victims using cloud-based services. Upon compromising victim email accounts, cyber criminals analyze the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.

Using the information gathered from compromised accounts, cyber criminals impersonate email communications between compromised businesses and third parties, such as vendors or customers, to request pending or future payments be redirected to fraudulent bank accounts. Cyber criminals frequently access the address books of compromised accounts as a means to identify new targets to send phishing emails. As a result, a successful email account compromise at one business can pivot to multiple victims within an industry.

Internet Crime Complaint Center (IC3) | Cyber Criminals Conduct Business Email Compromise through Exploitation of Cloud-Based Email Services, Costing US Businesses More Than $2 Billion

In the typical business email compromise, the victim unknowingly follows the fraudulent emailed wire transfer instructions and directs its bank to wire transfer a substantial sum of money to an account controlled by the wrongdoer. Often the account is at an off-shore bank and beyond the reach of law enforcement or the courts in the United States.

The victim then blames its bank for failing to detect the fraudulent beneficiary. The bank usually denies any liability for executing the wire transfer as directed by the customer. The result is usually a lawsuit filed by the victim against its bank to attempt to recover the stolen funds.

These lawsuits involving wire transfer fraud are governed by Article 4A of the Uniform Commercial Code (Funds Transfers) which has been adopted in all 50 states. Under Article 4A, a wire transfer starts with the customer of the bank known as the “sender” or the “originator” of the wire transfer initiating the wire transfer process by giving the instruction to wire transfer the funds to the bank. This instruction to wire transfer funds is known as a “payment order” under Article 4A. The sender’s bank is known as the “receiving bank” because this bank “receives” the payment order from the sender.

The person ultimately receiving the funds is known as the “beneficiary.” The bank at which the beneficiary maintains his or her account is known as the “beneficiary’s bank.” Any other bank that passes the payment order along is known as an “intermediary bank.”

Article 4A requires the receiving bank to use a “commercially reasonable security procedures” to verify the authenticity of the wire transfer instructions (the payment order) received from the customer (sender). This requirement cannot be disclaimed by a boilerplate wire transfer agreement provided by the bank. However, the question of what constitutes a commercially reasonable security procedure may turn on the size of the customer, the dollar amount and frequency of the customer’s transfers and the size and location of the bank. Most often, the question that arises in litigation between the customer of the bank and the bank to decide which party will bear the loss from an unauthorized wire or ACH transfer is whether the bank’s security procedures used to authenticate the transaction were commercially reasonable.

The question of what is a commercially reasonable security procedure is to be decided by a judge as Section 4A-202(c) of Article 4A makes the determination of what is a commercially reasonable security procedure a question of law.

Why You Need a Banking Expert

If you represent a victim, you should consider hiring a banking expert to analyze whether or not a lawsuit should even be filed against the bank. Litigation can be very expensive and there is no good reason to throw additional money after a loss if the bank will likely have no liability. In some cases, a claim against the victim’s bank is simply not viable. Spending a relatively small amount of money to have an expert analyze your client’s claim may save substantial sums by not filing a lawsuit that is unlikely to prevail.

An expert can also help prosecute or defend the case by knowing the questions to ask, the discovery to pursue and the motions to file or not file.

If the parties are already in litigation, a knowledgeable banking expert is essential to making or defending a claim that the bank’s security procedure was – or was not – commercial reasonable. Without knowledge of general banking practice and bank regulatory requirements surrounding this issue, a plaintiff or a defendant bank can be at a substantial disadvantage.

I am available to assist in cases across the country. Please call me at 609-203-3666 to discuss your case. There is no charge for an initial 30-minute consultation.