Security Expert: Business Owners Should Never Bank Online

Security blogger Brian Krebs knows a thing or two about the risks of cybercrimes. The security blogger who broke the news of the Target and Neiman Marcus data breaches spends his days investigating the cybercriminal underground and, as we reported in the recent issue of the magazine, has been the target of all sorts of digital, and at times physical, assaults. He’s got surveillance cameras around his home, keeps a shotgun in his office, and has thought through how best to protect his own bank accounts.

Krebs says he has no major qualms about doing his personal banking online—largely because there are so many protections for consumers. If a consumer’s bank account is hacked, the bank is generally responsible for covering the costs of the fraud. “If their account is emptied out, as long as the consumer notifies bank in a timely fashion, they don’t have to pay for that,” Krebs says.

According to the FTC (pdf), there are a few thresholds for what’s considered timely. (For those of you keeping track, this is mandated in Section 205.6 of Regulation E.) If consumers notify their bank within two days of learning about the loss or theft, the most they’ll have to pay is $50, no matter how much has been emptied from their checking account. (Consumers are also liable for only up to $50 of fraudulent credit card charges.) If they wait more than two days, but are still within 60 days after their account statement is sent to them, they could be responsible for up to $500.

Protections for business accounts are a whole other story: In general, banks aren’t on the hook in the event of a fraud. Krebs has spent years documenting the ways small businesses have been victimized by cyber attacks. The results can be devastating, at times forcing the business to close when thieves wipe out their payroll or checking accounts. Because of this, Krebs says he does none of his business banking online. He drives to his bank to deposit old-fashioned paper checks in person. Krebs says not enough people know about this distinction, including bank tellers. When he gives paid lectures, Krebs says he asks to travel in business class and often strikes up a conversation with his seatmates. When he mentions this business banking vulnerability, his seatmates are often dumbstruck. “OK,” Krebs says, “Let’s have a conversation about this.”

    Before it's here, it's on the Bloomberg Terminal.