We all assume that our money is safe so long as it remains in our bank accounts and that the bank would be responsible if something were to happen to it. However, a CBC GoPublic investigation this week revealed that Canadian financial institutions are often leaving their customers on the hook when funds are stolen from their account by cybercriminals.

E-transfer attacks

The usual route of attack is through fraudulent e-transfers. Using malware installed on consumers’ devices, criminals steal their valid bank credentials. Criminals often spoof (a malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver) consumers’ IP addresses, resulting in banks not suspecting that theft is occurring.

After an attack occurs

Banks are often more concerned with absolving themselves of liability once fraud occurs. While in bold print, banks claim that e-transfers are secured, but hide in the fine print the litany of requirements that are required for reimbursement.

As many as three-quarters of customers who have money stolen through e-transfer fraud never get their money back.

Customers who complain to the media often get their funds reimbursed, but only after they sign a confidentiality agreement that prevents them from discussing the details of the settlement.

Other jurisdictions

In the UK, bank fraud became so severe that the government made banks responsible for financial losses. Shortly thereafter, the rates of bank fraud plummeted.

How you can prevent bank fraud

Take precautions against malware being installed on your device(s). Do not open attachments in unsolicited emails and use two-factor authentication when possible. Monitor your bank and credit statements for fraudulent transactions. Many banks allow for notifications to be sent to your phone whenever a transaction is made, which would alert you when a fraudulent transaction occurred. Consumers should ensure that their security questions are not easily discoverable. In at least one case, fraudsters were able to determine some consumers’ security questions through their public Facebook profile.