Can Our Bank Accounts Get Wiped Out in a Cyber Attack?
They have gotten to our fuel[1]; they have gotten to our infrastructure[2],[3]; they have gotten to our food[4] – who is to say that they are not trying to get to our money in the bank?
There are 3 ways that our bank accounts could get wiped:
- As a result of something we did, as individuals.
- As a result of independent hackers targeting us, as individuals.
- As a result of state-run hackers targeting the banks or country, as a whole.
First off, we are all at home during the COVID-19 pandemic lockdown. Online banking has increased[5]. In fact, one bank even reported a 250% increase in online banking among seniors aged 65 and older in one month alone[6].
As long as we are connected to the internet, we are vulnerable to hacking schemes. For example, if our computers are not equipped with current anti-virus software, our passwords could get stolen. Likewise, if we allow our computer to auto-save our password, others could access our account.
If we receive an email that looks legitimate on the surface, touts the logo of the bank and sparks our attention with “you must act now”, this is a phishing scam. These highly plausible scenarios could all be avoided so long as we, as individuals, be wise about our online activity.
Independent hackers could be targeting us as individuals and they could employ all sorts of tactics like infiltrating your mobile banking app, posing as an official banking app, unleashing Trojan apps that strip information from the legitimate banking app, serving as the Man-In-The-Middle and intercepting your communications with the bank, claiming to be you during a phone call with the bank by way of SIM identify theft[7].
The last and scariest scenario thinkable would be for state-run hackers, that is, foreign countries to wipe out our bank accounts completely. Imagine waking up one day to the news that your savings account has been cleaned out and there is absolutely nothing you can do about it. What a nightmare. Are the banks prepared and equipped for such an attack?
In terms of liability, the banks must bear some responsibility. CIBC issues the following reassuring statement: “It’s simple: if you’ve been a victim of fraud, and you’ve met all of your responsibilities, we promise to return 100% of the money you’ve lost from your CIBC accounts”[8]. In the Electronic Access Agreement, CIBC states: “we will be liable to you only for direct damages resulting from our gross negligence”[9]. Would a state-run cyber attack be viewed as “gross negligence” on the part of the bank?
Royal Bank issues a similarly reassuring statement: “Should something ever happen, we will fully reimburse you for any unauthorized transactions made through the RBC Mobile app or RBC Online Banking”[10]. But here is the scary part: “in no event, even if we are negligent, will we be liable for any loss or damage suffered by you that is caused by:
(a) the actions of, or any failure to act by, a Third Party”[11]. So if a foreign country cleans out our savings account, the bank is not liable for this loss? This clause in the Electronic Access Agreement is most unsettling.
Maybe my money is indeed safer under the mattress.
[1] https://www.cnn.com/2021/05/19/politics/colonial-pipeline-ransom/index.html
[3] https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12
[4] https://www.cbc.ca/news/business/jbs-meat-cyberattack-1.6048942
[5] https://www.americanbanker.com/news/digital-banking-is-surging-during-the-pandemic-will-it-last
[7] https://www.makeuseof.com/tag/methods-hackers-bank-account/
[8] https://www.cibc.com/en/privacy-security/digital-banking-guarantee.html
[9] https://www.cibc.com/en/legal/agreements/electronic-access.html
[10] https://www.rbc.com/cyber-security/how-rbc-keeps-you-safe/index.html