A Recent Catalyst – City of Portland TN Bank Account Hacked – Unauthorized Withdrawal
The report that the City of Portland, TN had its bank account hacked reminded me of a similar personal victimization.
In November 2008, a small, unauthorized withdrawal was made from my credit union account. It was only $29.99; but my credit union never should have allowed the withdrawal. so how did it happen? How did they get access to my bank account?
Bank Account Compromised (at the Bank and Federal Level; no Passwords required!)
This was a very serious situation that led me to think that if my bank account can be hacked, you can imagine what the situation could be for others, not to mention the subsidiary banks that are underneath it. As of now its only 29.99, tomorrow it might be ten times more and the consequences would be disastrous if that were to happen. I thought of going for an rfp consulting immediately after it happened so as to prevent something worse from taking place.
December 6 th is when I noticed an odd withdrawal by “MB Moon Park,” a company I had never heard of and certainly did not do business with. I contacted my credit union and they agreed to reimburse the unauthorized withdrawal. My account had been compromised, but not in the traditional sense – not via phishing or virus. Per the credit union, they weren’t sure of the details but later showed me that they had changed to newer account numbers, yet leaving old account numbers in place. They failed to notify customers of the change, and of the fact that the old account numbers still were active.
They explained that, due to laws requiring “fast EFT ACH electronic check cashing” between businesses and Automated Clearing Houses (ACH) , and from bank-to-bank, the banks immediately honor electronic check headers (EFT requests), without additional verification. They said that since, at one time, the account number had been valid; and I had authorized EFTs on that account, the requests were honored. I never authorized “MB Moon Park” specifically to present checks against my account!
New York Check Cashing Companies – in League with Greece and Russia?
Searching Internet “scam and complaint sites,” I found that the scam was a more wide-ranging scam than I first realized. Talking with Pitt County NC Detective David Flynn , who was investigating local victims, it turns out the culprits may be “check-cashing stores” in New York, who ultimately transfer the money to accounts in Greece and Russia
Under-the-Radar Small Withdrawals with Custom-Crafted EFT headers and Hardcopy Checks
By November 2009, some 300 people had been identified as having been victimized. The scope was expected to be much larger – later confirmed to be upwards of 1,000. The problem with getting the feds to take action was two-fold: first, the amount of damages needed to be $100,000 or more; second, the amounts stolen were spread out over the U.S. and were small amounts that usually don’t flag FBI or consumer attention.
Some victims had been involved in selling Mary Kay cosmetics (my wife was a Mary Kay distributor), so there may be a connection. The EFT header and canceled check the credit union showed me had very old information, crafted with only my wife’s name and an old house address – yet we never had our checks created that way. Clearly, criminals obtained old account information and found a way to present electronic checks against virtually any valid account, without requiring prior authorization. At the height of their activity, the criminals reportedly had been withdrawing as much as two million dollars per month from their “holding account.” At last check, after about 4 years, the FBI finally had taken the case, had frozen what assets it knew about, yet had made no arrests.
Bottom Line – Always be Vigilant with Financial Matters!
Arm yourself and fight thieves – check your credit card and bank statements on a regular basis and shred (or burn) old account information!