I dunno. I don't understand how thieves can transfer moneys from my accounts in a matter of minutes, and it's untraceable, but when I try to send money to someone else, it takes 5-7 business days. Initiated deposit to my HSA, 7 business days. I got some BS about "well, sir, it has to clear multiple services". ACH clearinghouses, etc. But if I buy something on my HSA card, the money's gone in 2 seconds.
If I transfer money to someone else's account it's in there within about 10-20 seconds. I guess different banks and accounts make use of different transfer types, and when the thieves are in the system they can just choose to use the faster ones?
With access to thousands of bank accounts, you can issue small transfers to and from those accounts, over and over and over again, to the point that the transfers are so many, that tracing them becomes significantly difficult.
It's not untraceable, but the cost associated with unraveling a single theft becomes prohibitively expensive.
Are the banks liable for these kinds of losses? I'm guessing no; if they were, I doubt they'd consider it "prohibitively expensive" to track down losses of hundreds of thousands to millions of dollars.
"hundreds of thousands to millions of dollars." is quite a large range when talking about money.
My comment was specific to the example given in the article, where to amount was about $195,000. While not a tiny sum of money, the amount of man hours spent to unravel those transactions, to ultimately get to recoverable sum, would be close to if not more than the original amount. And getting to the amount, may not guarantee that you can recover the funds anyway.
Putting aside the cost/hours of recovering the money, is this the only reason its 'untraceable'?
I understand it becomes tedious to unravel the transactions, but is it still a tractable problem? Or do these people eventually shift the money into offshore banks that refuse to co-operate with authorities? It seems such a bank would be quickly cut off from the rest of the world if it existed.
Based on some events of this sort in my area, as I understand it organizations that get that sort of direct access and control over their bank accounts do so under a strict set of conditions the bank lays down. I.e. an isolated computer that no one's reading email on, which prevents the sort of spear plishing detailed in Haysite Reinforced Plastics experience with PNC Bank.
After such an event the bank will investigate, and if the org violated their conditions and that led to the loss, it's on the org. And I suspect org insurance policies have "we don't make you whole if you're an idiot" provisions.
Or at least that's how it went down here when e.g. a school district was sloppy and lost 6 figures of their bank balance.