Cyber criminals are finding that targeting Home Equity Lines of Credit (HELOC) is an increasingly profitable endeavor, with losses reported to to insurers exceeded $4 million dollars in 2010, and the problem is trending upwards.
The increase in the targeting of HELOC accounts by cyber criminals can be attributed to several factors, including an increase in the use of online banking options and the fact that HELOC accounts are not as closely monitored as checking and savings accounts by consumers.
Still in question is who is ultimately responsible for the loss of funds - banks and credit unions or their clients - and several lawsuits have been filed over breached HELOC accounts.
In one case, a credit union allowed someone to set up telephonic banking control of a customer's HELOC account, transferring nearly $90,000 in funds to the client's savings account in multiple transactions.
The scammer then convinced someone at the credit union to wire the funds to a drop account in another city, and then the funds disappeared.
To the customer's surprise, the bank insists that he is responsible for the loss of funds. The client has since filed a lawsuit against the credit union alleging security measures were inadequate.
That is the crux of the matter, as banks are only required to maintain "sufficient" standards of security, a moving target based on the average level of security employed by the industry as a whole.
Other issues that may come into play when determining liability include whether or not the institution was certified as compliant with regulatory requirements at the time of the breach.
It is possible that courts could hold banking clients responsible for losses if they deem the bank's security measures were on par with the industry average, even if that average standard is woefully inadequate to secure funds.