Warnings about the growing vulnerability of both businesses and people to cybercrime and the ballooning cost of battling it have become more dire every year.
Last year, Cybersecurity Ventures, a trade publication, predicted cybercrime would cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.
“This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined,” the firm asserted in an annual report on the state of cybercrime.
Meanwhile, there’s a mistaken conventional wisdom among some that we live in a no-fault world when it comes to cybercrime. People understand, at least on some level, that there’s risk but assume that financial institutions will make them whole if they fall victim to cybercrime.
And while financial institutions spend millions each year reimbursing customers who’ve been victims of cybercrime, there can be limits to that assistance, as the story of Texas City resident Bobbie Briggs shows.
Briggs told a Daily News reporter she was shocked when she checked her Chase Bank savings account in September, and found about $11,000 missing, with suspicious withdrawals dating back to May.
Three months later, Briggs was still working to get her money back.
And she may be out of luck because of outdated laws that put limits on the amount of time consumers have to notify banks about problems with their accounts.
An unknown person, without Briggs’ knowledge, moved money from her Chase account to a different bank, and used it to make purchases at Sears and through PayPal, she said. She was able to close the other bank account, and the second bank sent the money back to Chase.
So far, though, none of the money is back in her pocket, she said.
Briggs insists that she never received bank statements about the account, either in the mail or in an email.
That’s important, because under current laws, banks only have to act on unauthorized withdrawals for a certain amount of time from when the customer receives a document that reflects the withdrawals.
The current law — called the Electronic Fund Transfer Act — puts a 60-day limit on what must be repaid, said Angela Littwin, a law professor at the University of Texas who specializes in bankruptcy, consumer and commercial law. If an unauthorized withdrawal isn’t reported within 60 days, banks aren’t obligated to refund it.
The law was written in 1978 as more people used credit and debit cards, and is based on the assumption that most people would notice whether their cards go missing, Littwin said.
It doesn’t take into account that people can access bank accounts without cards, or that people might not be closely tracking their finances.
“It’s not a very good law,” Littwin said. “That’s the issue.”
Briggs said she has filed a police report over the unauthorized charges, and written to Texas Attorney General Ken Paxton and U.S. Sen. Ted Cruz’s office to ask for help. She’s checked in with the FDIC and the U.S. Consumer Finance Protection Bureau, and is considering going to the Better Business Bureau.
Briggs said the bank initially agreed to pay about $400 back. That would be money that was taken from the account during the first 60 days. But beyond that, she said the bank said the matter was closed.
She’s talked to a lawyer to see whether she has any other recourse, but is hoping public attention to her problem might spur the bank to reopen her case.
It’s fair to ask why Briggs didn’t pay closer attention to the savings account. She said the whole reason she started the savings account in the first place was to keep most of her cash separate from her debit and credit card accounts — which she considered more vulnerable.
That’s the lesson here for the rest of us. Nothing is safe from cybercriminals anymore, and we all have to keep a vigilant eye on our money.
• Michael A. Smith
Editor’s note: After a Daily News article was published Monday, Chase Bank said it had reopened her case, Briggs said.