[AJ007]

My understanding, in the US, is if you have a personal account the bank eats the loss. If you have a business account its gone.

This actually is very common. All it requires is enough mule bank accounts to wire amounts below suspicion and spyware on the user's machine (snatches RSA authentication key at entry if two factor verification is used.) The banks don't want the event to be publicized and the company/small business doesn't want it publicized either.

[tedunangst]

To clarify, it depends on who was robbed. If bank robbers steal green paper from the vault, the bank doesn't know which business account that money came from. If it's wire transferred out because your password was 'banana', it may be gone for good.

[makomk]

The more usual issue is businesses getting their machines used for banking hacked and the hacker sniffing all their credentials and emptying their accounts. Many banks don't support two-factor authentication for business accounts because they don't have to - it's not their money on the line.

[tedunangst]

Totally true. That's just not what most people have in mind when you say "the bank was robbed".