UK-based Tesco Bank froze online transactions on Monday after discovering that cyber-criminals stole money from 20,000 different customer accounts. The exact method used by the perpetrators is still under review, but preliminary analysis suggests the attackers exploited weaknesses in the bank’s online payment system related to the  processing of debit card transactions. The Bank has not disclosed exactly how much money was stolen, only stating that the amount is “a big number but not a huge number.” Other notable cyber-attacks on financial institutions this year have netted criminals amounts ranging from $10 million to $81 million.

With the prospect that similar attacks may occur in the United States, U.S. financial institutions and their customers should be asking “who foots the bill when cyber-criminals make off with a customer’s money?” Tesco Bank was quick to say that it will be reimbursing customers for funds stolen from their accounts, but one can imagine a scenario in which a bank is unable to absorb the cost of such a robbery.

While bank robberies have occurred for as long as there have been banks, and modern financial institutions have operational procedures and insurance to address theft risk, theft by cyber-attack poses new challenges and risks for U.S. banks. Banks typically address theft risk through private insurance. FDIC deposit insurance is there to protect depositors in the case of bank failure.

But what if the bank’s insurance does not cover cyber theft?  If a bank is unable to restore lost customer funds either through its own means or through private insurance, can FDIC insurance come to the rescue?

The answer would appear to be yes, but only in the event that a bank is completely drained of capital and on the verge of failure. And even in that case, it is not entirely clear whether FDIC insurance would be available to those depositors whose deposits were stolen.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Norman Roos Norman Roos

Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions…

Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.

Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records. Read his full bio here.

Photo of Scott Baird Scott Baird

Scott M. Baird is an associate in the firm’s Business Transactions and Finance Groups, where his practice involves all aspects of corporate and securities law, including corporate governance, mergers and acquisitions, private equity and venture capital transactions, joint ventures, finance transactions, and securities…

Scott M. Baird is an associate in the firm’s Business Transactions and Finance Groups, where his practice involves all aspects of corporate and securities law, including corporate governance, mergers and acquisitions, private equity and venture capital transactions, joint ventures, finance transactions, and securities law and compliance. He focuses on new legislation as well as regulatory and compliance matters involving financial service institutions. Read his full rc.com bio.