For banks in cyber heist, how to get their money back?

Because the amounts were large and these attacks are relatively new, both banks of the Middle East influenced in a robbery of ATM $ 45 million fac...

For banks in cyber heist, how to get their money back?

Because the amounts were large and these attacks are relatively new, both banks of the Middle East influenced in a robbery of ATM $ 45 million face an uncertain path in an attempt to have their losses, experts make financial, insurance back and legal say.

Oman-based Bank Muscat has lost $ 40 million and the United Arab National Bank of Ras Al Khaimah PSC (RAKBANK) established Emirates lost $ 5 million in global heist, said U.S. prosecutors Thursday.

Hackers broke into other companies that processes transactions for prepaid debit cards issued by banks, prosecutors said. Then the gang in 27 countries withdrew their money from vending machines in two coordinated movements, on December 21 last year and the other on 19 February this year.

While the details of what happened are still sketchy, experts said banks could submit, or they can file claims with their insurers and processors. A complaint against the processing plants in the garden

“There are no hard and fast rule,” said Dan Karson, U.S. President Kroll Advisory Solutions. “We are a new cyber atmosphere finances and the allocation of responsibility is still in development.”

claims of banks to processors depending on the contract between the two parties, Karson and other experts. These contracts include safety standards in the industry, needed by the major payment networks with a credit card, in this case MasterCard.

In most cases of security breach, makes the processor in question does not fully meet the standards, said Doug Johnson, vice president of risk management policy of the American Bankers Association.

But even if the processor has failed to comply with safety standards, banks can not still be able to get their money back. This is because the contracts between processors and banks, including the credit card companies like to make Visa or MasterCard conditions, generally limit the liability of the processor.

“They can not all together, or they will be out of business,” said Michael Klaschka of Integro Insurance Brokers, which many financial institutions as clients. “Have the bank may have little recourse against the credit card processor.”

kick in the Bank of Muscat, the processor is enStage Inc., based in Cupertino, California, a source close said at the Bank of Muscat.

In a statement Sunday, Bank Muscat said that given the opportunities to get the money back. “We confirm that we all possibilities of recovery in order to protect the interests of shareholders and to bring if the height markets are important in this context” developments, the statement said.

enStage officials did not respond to requests for comment Saturday. EnStage CEO Govind Setlur said in a statement in the Times of India that his company safety improvements had been carried out since the attack.

In RAKBANK, the processor is Electra Card Services India, according to people familiar with the situation. Electra Card The department said in a statement Sunday that the data appear to be compromised beyond its “processing environment.

MasterCard said it was working with police in the investigation and said its systems have not been affected by the attacks.

Banks can always try to sue for negligence or other claims processors but their success can be limited by their contracts, regulations specific fines and arbitration procedures mandated by arguing among corporate credit card.

These actions have proved difficult to win, according to Joseph Burton firm Duane Morris in San Francisco, an expert dispute in finance. U.S. federal courts have generally, but not unanimously, found that the banks are limited to contractual remedies.

In a major case , card issuing banks filed a class action lawsuit against Heartland Payment Systems after the processor announced in 2009 that hackers the data of more than 100 million credit cards were compromised.

A federal judge in Houston, Texas, rejected almost all of the claims in 2011, and notes that the banks were by their contract, which included set by Visa and MasterCard rules that determine how bound banks can redress may also request after a breakup. Banks call.

Bank of Muscat and RAKBANK payment from their insurers under their conditions.

Some banks also have a blanket of security for cybercrime, but experts say the market for such a policy is still relatively immature. We do not know whether the Bank of Muscat or RAKBANK made cyber insurance.

insurers in turn also their support claims against the processors, or processors own insurer.

“It is certainly possible that the bank could be left to the poor,” said Rivera Frederick law firm Perkins Coie , an expert in financial services disputes in the United States.

A complicating factor is that the banks are in the Middle East, while one of the processors is based in India, making it difficult to know which court jurisdiction in disputes. But experts say the requirements that credit card companies require banks and processors are global in nature.

federal prosecutors will also seek compensation for banks suspect arrested in the case, although the amount of funds available will probably not stolen the approach of the total amount of money.

The U.S. Department of Justice has indicted eight people he said money had retired, in New York and prosecutors seized hundreds of thousands of dollars in cash and bank accounts, as well as watches luxury SUV and a Mercedes.

But the cell in New York was just one part of a comprehensive and coordinated heist. U.S. prosecutors have not said where the leaders of the band were based.

Prosecutors said that the gang focused on prepaid debit cards issued by the two banks, using the pirates companies payment processing robberies to increase withdrawal cards. account balances and limits

The robbery is not compromised the accounts of all individual customers, unlike the case of identity theft. In these cases customers usually together with their financial institution or credit card companies, who in turn try to be the company that has been raped.


Leave a Reply