I was recently informed that my business had its banking and my personal information stolen in the Global Payments Hack. We formally used the company to process credit cards. And they apparently allowed my personal and small business information to get out into the wild. Global Payments is now paying for one year of credit monitoring for my personal information, but my business bank info is out there without protection accept my diligence to daily check for unauthorized bank transfers. It was suggested that I close the account and open an new one. I am forced to consider this, but changing all the electronic payments I currently have setup on my business account is a time consuming problem. I may decide to do this, but as anyone who considers this as a good solution should remember what a detailed process it is to have to change bank accounts.
The issue is that the financial system does not seem like the idea of really tight security. I think that there is tremendous profit in the noise created by having a certain amount of fraud transactions for the all the big principal intermediaries in the financial system despite the claim they work so hard to prevent it. They are not financially responsible under most contract law as far as I can tell as a layman and small business owner, it is the party that allowed the fraud to happen who is responsible or in my case if someone decides to raid my business bank account after being told that there is a problem, me. Not the service providers. If someone empties your bank account electronically, you not your bank have a problem. Same is true if you credit card gets used unauthorized. Even if you are protected, you still have a problem with the amount of time and effort necessary to clean up the mess. And it can cause havoc with your life.
It is possible to make it much more difficult for unauthorized bank transfers or credit card fraud.
Simply require that all transactions be PIN based or require advanced setup with the bank before authorizing any kind of electronic funds transfer out of my account.
If for example, my tax payment which in the Commonwealth is done electronically monthly, I would require that I inform my bank, that the commonwealth is an authorized requester for a fund transfer, fill out a authorization form with the commonwealth’s information and my bank would then have the Commonwealth listed on a white list. By requiring the white listed payees in advance and in person, my bank and I will have much greater security that some off shore bank robber can not steal from me. I can pay the commonwealth and the transaction should go through. Only White listed Payees should be allowed to get electronic payments under this scheme. Such a system would now put the responsibility for allowing fraudulent transactions happen on to the financial system not me. I do not think it would be perfect, but it would be much better than what we have now, which is practically in effect security by ignorance of my account being available to steal from. There is no security on most electronic transfers in our financial system.
Credit Cards in other parts of the world have a PIN associated with the card that is kept separate from the physical card. this too could be required on electronic bank transfers and would cut down on the possibility of fraud.
Now I realize that Massachusetts regulates a small percentage of Banks, and Financial companies. Most are regulated by the Federal Government for the benefit of the Financial industry. I would like to suggest that the Commonwealth and the state regulator of state chartered institutions make a proposal to require that the Banks that it does regulate begin to require stronger more robust security for the small business and individual accounts to make it much harder for ill intentioned groups to to steal from Massachusetts business and individuals, by requiring some kind of independent authentication that a transaction is legit. A advanced setup PIN or a White list would be a small step forward. It may even be a selling point for small businesses and not so small businesses to use locally chartered banks over their federally regulated competitors.