HOWELL – Platinum Supplies, an ecommerce company, was busy last month filling orders for the holiday shopping season when its bookkeeper noticed 18 transactions made in one day by someone they didn’t recognize. It amounted to $84,000.
Initially, the company’s financial institution, Fulton Bank, refunded all the money. But then the bank reversed course, according to the company’s owners, refunding just $10,000 from one transaction it was able to stop. The company found itself out of out of $74,000.
“It has a big impact,” said Chaya Streicher, 33, of Lakewood, who founded the company. “I said, ‘We’re a small business. I’m a mom of seven children. I have bills today. I didn’t take a paycheck this month. I had to pay my employees. I don’t know if the business can survive.'”
Platinum Supplies is at risk of losing thousands of dollars in a case that demonstrates consumers aren’t necessarily protected if their bank account is hacked. If customers are found to have fallen for a scam, they could be on the hook.
Payback!Here’s how to scam the scammers
Platinum’s owners can’t remember clicking on anything they shouldn’t have, and they say their bank never alerted them to any unusual activity. But experts say their case is a sign of the times. Just about every employer is being targeted by increasingly sophisticated hackers who are trying to get access to their computer systems and walk away with money before anyone can notice.
‘Remove all morality’
“Just think of pure capitalism and remove all morality,” said Sean Deuby, principal technologist for North America for Semperis, a Hoboken-based cybersecurity company. “Their goals are to get as much money as possible, as quickly as possible, with as little risk as possible.”
Platinum Supplies is an ecommerce company that fills hard-to-find orders based on online searches. It has five full-time employees who work at in an industrial office park here. And its owners showed off a couple of items they tracked down that might be too obscure for, say, Walmart to carry: a mug shaped as a skeleton and a tree stand that can hold cocktail glasses.
Streicher founded the company six years ago, seeing it as a way to earn money while raising her growing family. She opened an account with Fulton, a Lancaster, Pennsylvania-based bank with a branch in Lakewood, with just $50, noting it was the only bank she could find that would work with her.
The company began to grow. Her husband, Mark, and brother, Stephen Simon, joined her.
In June, though, their part-time bookkeeper noticed strange transactions. Mark Streicher thought it looked like fraud and called Fulton.
How safe are your passwords?Make yours harder to hack
“I don’t know why I was under the impression that banks are fully responsible for this,” Mark Streicher said. “Why wouldn’t they be? If there’s a fraud on my credit card, which I’ve had in the past, on (American Express), they right away refund, give you back the money. I never had an issue with that. It happens.”
The business owners said they didn’t understand why the bank didn’t recognize unusual activity. They said they had never made 18 transactions in a single day. But Fulton after investigating told them on Tuesday it made its final decision and denied their request for reimbursement, Mark Streicher said.
A Fulton spokesperson declined to comment.
Trillions in damages
It is the latest in a growing list of cyberattacks to hit local employers. CentraState Healthcare System based in Freehold Township, for example, was the target of a hack in February that compromised patient information and temporarily disrupted some services.
Pay me Bitcoin or lose your power!3 ways scammers target people who owe utilities
MRA International, a computer support company, will host a forum in Long Branch on July 20 to help schools and the government guard against an increase in scams. For more information, email firstname.lastname@example.org.
Damage from cyberattacks is expected to cost $10.5 trillion a year by 2025, according to a McKinsey & Co. report. It’s a figure so big that only the economies of the United States and China top it, Deuby from Semperis said.
The hackers are often located overseas and gain access to networks often by sending emails or texts that appear to be legitimate. Banks can use what’s known as multi-factor authentications that require customers to use more than their password to get access to their accounts, like a code sent to their cell phone.
But Deuby said some hackers have managed to get the authentication sent to themselves.
It isn’t clear if that’s what happened to Platinum Supplies. But regulators said both consumers and business owners should be wary. If a credit card has been fraudulently used, for example, consumers’ losses are generally capped at $50 by federal law. If the credit card number has been stolen, consumers aren’t responsible for any losses.
Don’t be fooled:Shore grandparents are getting calls that their grandchildren are in jail: It’s a scam
Federal protections are murkier when it comes to cyberattacks on electronic transfers.
Consumers are covered by Regulation E of the Electronic Fund Transfer Act, enacted in 1978. It limits the liability for consumers whose money is taken from their accounts without authorization if they alert their banks within 60 days of the transactions appearing on their statement.
What if they were tricked into giving authorization? Banks and consumer groups are at odds over who is liable. Banks say consumers still authorized the transaction, even if was a mistake. The Consumer Financial Protection Bureau issued guidance in June 2021 saying third parties who fraudulently obtain access to customer accounts through phishing scams, for example, are still considered unauthorized.
The law doesn’t protect consumers in the case of wire transfers. And the Federal Deposit Insurance Corp. only insures deposits in the event of a bank failure, not theft or fraud.
For business accounts like Platinum Supplies, the issue is clearer: Federal consumer protections don’t apply.
For small businesses, “that means … your bank may not be responsible for reimbursing losses associated with an electronic theft from your bank account,” the FDIC said in a 2016 guide.
What should you do?
Among the FDIC’s recommendations:
- Keep your computer system up to date with a reputable anti-virus software and firewalls to block unwanted access.
- Train employees on how to detect suspicious emails and text messages.
- Ensure employees use strong IDs and passwords to log into your system.
The Platinum Supplies team is considering its next step. It has reported the incident to law enforcement. And it is thinking about getting a loan to help get back on its feet.
“We started with $50, we’re resilient,” Stephen Simon said. “But it’s challenging,”
Michael L. Diamond is a business reporter who has been writing about the New Jersey economy and health care industry for more than 20 years. He can be reached at email@example.com.