(Bloomberg News) Valiena Allison got a call from her bank on a busy morning two years ago about a wire transfer from her company's account. She told the managers she hadn't approved the transfer. The problem was, her computer had.
As Allison, chief executive officer of Sterling Heights, Michigan-based Experi-Metal Inc., was to learn, her company computer was approving other transfers as she spoke. During hours of frantic phone calls with her bank, Allison, 45, was unable to stop this cybercrime in progress as transfer followed transfer. By day's end, $5.2 million was gone.
She turned to her bank, a branch of Comerica Inc., to help recover the money for her metal-products firm. It got all but $561,000 of the funds. Then came the surprise: the bank said the loss was Experi-Metal's problem because it had allowed Allison's computer to be infected by the hackers.
"At the end of the day, the fraud department at Comerica said: 'What's wrong with you? How could you let this happen?'" Allison said.
In increments of a few thousand dollars to a few million per theft, cybercrooks are stealing as much as $1 billion a year from small and mid-sized bank accounts in the U.S. and Europe like Experi-Metal, according to Don Jackson, a security expert at Dell SecureWorks. And account holders are the big losers.
'Losing More Now'
"I think they're losing more now than to the James Gang and Bonnie and Clyde and the rest of the famous gangs combined," said U.S. Senator Sheldon Whitehouse, a Rhode Island Democrat who chaired a Select Committee on Intelligence task force on U.S. cybersecurity in 2010.
Organized criminal gangs, operating mostly out of Eastern Europe, target small companies, school districts and local governments that maintain fat commercial bank accounts protected by rudimentary security measures at community or regional banks. The accounts typically aren't covered by insurance as individual accounts are.
"If everyone knew their money was at risk in small and medium-sized banks, they would move their accounts to JPMorgan Chase," said James Woodhill, a venture capitalist who is leading an effort to get smaller banks to upgrade anti-fraud security for their online banking programs.
JPMorgan Chase & Co., the second-largest U.S. bank, is the only major U.S. bank that insures commercial deposits against the type of hacking that plagues smaller banks, Woodhill said. JPMorgan spokesman Patrick Linehan declined to comment.