Lopez discovered his company bank account was US$90,000 short and a quick check online revealed the amount had been transferred -- without his knowledge -- to a Latvian bank.
The Bank of America was duly notified, with Lopez urging its officers to stop the transfer. Unfortunately, it was too late. About US$20,000 was already withdrawn from the Latvian bank account, with the bank freezing the remainder.
After the US Secret Service combed through Lopez's computer, they realised the culprit was a trojan horse called Coreflood. Seemingly harmless when first discovered in 2001, subsequent variants proved malicious -- Backdoor.Coreflood was one example which could give control of infected machines to an attacker.
Not wanting to be left high and dry, Lopez filed suit against the Bank of America, claiming it failed to protect him from online theft. The financial institution had allegedly neglected in its duty to warn him of the security threat. It was like the bank knew someone else had a key to the vault but didn't warn customers, claimed Lopez's lawyer.
As expected, the Bank of America denied all charges saying the onus lies on customers to install security software, including regularly updating patches.
These limits also act as a obstacle for clandestine activities. At the moment, bank tellers are to report suspicious transactions -- such as repeat transfers -- below AU$10,000 to anti-money laundering regulator Austrac (Australian Transaction Reports and Analysis Centre).
But history has shown that any system can be beaten. A Malaysian man nearly walked away with around AU$625,000 before his scam was busted by authorities. Ng Kok Meng used a skimming device -- which captures data from a customer's ATM card -- to gain illegal access into the account.
Meanwhile, the Lopez vs Bank of America court ruling is still pending but this case holds valuable lessons ... primarily that Internet banking, while extremely convenient, comes with its fair share of risks. There's no silver bullet so don't expect Internet scams, hackers, trojan horses and the like to vanish overnight. The challenge for banks and customers to minimise their exposure to losses will continue. Security is neither about the journey nor the destination ... it's like an infinite loop which requires our constant attention.