Hackers, Bank Records, and Going Paperless

The traditional allocation of losses at a bank was first loss bank, second loss government, but never losses to insured depositors. To wit, if Willie Sutton robs a bank, the money lost is the bank's, not that of any particular depositor. If bank fails, then the FDIC steps in pays out the insured depositors. It does so on the basis of the bank's books and records.

The phenomenon of hacking strikes me as changing this loss allocation paradigm: the hacker might steal from individual customers' accounts, not from the bank vault. If the hacking can be identified, then the traditional loss allocation kicks in. But this depends on the bank having an uncorrupted set of books and records that the hacker hasn't accessed. If the hacker can both grab money from the account and mess with the bank's books and records, then there's a royal mess.

This scenario doesn't strike me as a major concern for a simple thief whose primary goal is stealing money. The only reason the thief would mess with the books and records would be to cover his trail in an Ocean's 11 type move. That would take a lot more work, however, and it might be counterproductive as it would require more code, etc., that could point to the thief.

But what if the hacker isn't a simple thief, but a state actor? So far the publicly discussed hackings blamed on Iran have been denial of service attacks aimed at disrupting access to banks' websites, rather than stealing from customers' bank accounts. That could easily change. And if a hacker really wanted to wreak havoc on the US financial system, why not go an screw around with customers' accounts and the books and records of a major financial institution? I don't have any sense of how easy this would be, but it's a scary thought. I assume that there are some very smart and well-compensated people working to ensure that this can't happen (e.g., off-line storage of bank records), but even so, things can go wrong.

All of this brings me to a rather old-fashioned point: paper has some benefits over electronic records. The virtues of paper over electronic records have become patently clear in the mortgage foreclosure context (more about that soon in another post), but what about bank statements? Every time I log onto my bank's website I get badgered to go paperless. And every time I say "No thanks." My bank tries everything: pleading how paperless is better for the environment, pointing out how nifty its mobile banking app is, etc. Of course, the bank never mentions that going paperless saves it a lot of money, and that none of those cost savings are being offered to me. (How about additional interest equal to 50% of the postage and paper costs? That might make my account start to have something like a positive yield...)

There's another problem with going paperless. Going paperless means that my account records exist only in the control of the bank. And banks are now national security targets. While hackers haven't gone after accounts so far, that could well change, and a hacker aiming for maximum havoc might target both accounts and bank records. Having my own set of paper records isn't perfect--they are costly to store, can themselves be doctored, and might lag by up to 30 days. Paper records don't protect against a hacking, but if the doomsday scenario spelled out above were to happen, I'd much rather be a depositor with a trail of paper statements than nothing but electronic records.

Contributors

Pamela Foohey
   bio | posts

Anna Gelpern
   bio | posts

Mitu Gulati
   bio | posts

Melissa Jacoby
   bio | posts

Dalié Jiménez
   bio | posts

Jason Kilborn
   bio | posts

Bob Lawless (blog admin)
   bio | posts

Adam Levitin
   bio | posts

Stephen Lubben
   bio | posts

Nathalie Martin
   bio | posts

John Pottow
   bio | posts

Mark Weidemaier
   bio | posts

Jay Westbrook
   bio | posts

Alan White
   bio | posts

Like Us on Facebook

Like Us on Facebook

By "Liking" us on Facebook, you will receive excerpts of our posts in your Facebook news feed. (If you change your mind, you can undo it later.) Note that this is different than "Liking" our Facebook page, although a "Like" in either place will get you Credit Slips post on your Facebook news feed.

Bankr-L

As a public service, the University of Illinois College of Law operates Bankr-L, an e-mail list on which bankruptcy professionals can exchange information. Bankr-L is administered by one of the Credit Slips bloggers, Professor Robert M. Lawless of the University of Illinois. Although Bankr-L is a free service, membership is limited only to persons with a professional connection to the bankruptcy field (e.g., lawyer, accountant, academic, judge). To request a subscription on Bankr-L, click here to visit the page for the list and then click on the link for "Subscribe." After completing the information there, please also send an e-mail to Professor Lawless ([email protected]) with a short description of your professional connection to bankruptcy. A link to a URL with a professional bio or other identifying information would be great.

Comments

Not quite. It is easy to collect your own electronic set of statements. I maintain a full complement of pdfs. It may be easier or more difficult to doctor depending on your talents and banks may or may not consider them less reliable than paper but actual records are still more useful than corrupted or no records.

Posted by: Lord | January 09, 2013 at 09:21 AM

There is nothing new under the sun.

There is a lot of case law regarding dubious bank records and their clash with customer records. Sometimes, it was paper hacking. Paper hacking is quite doable, as an inside job. FDIC v. Holders of Yellow Certificates, 85 Civ. 8164 (VLB) (S.D.N.Y. March 4, 1987).

There is a wonderful old case with a wonderful old name: FDIC v. Records, 34 F. Supp. 600 (W.D. Mo. 1940.) For a batch of cases: Pagano v. United Jersey Bank, 143 N.J. 220, 670 A.2d 509 (1996) (old passbook suffices to evidence bank deposit, notwithstanding lack of record to contrary); In re Ruskay, 5 F.2d 143, 147-48 (2d Cir. 1925) (intent of the parties alone creates bank deposit, notwithstanding lack of bank record); Singer v. Yokohama Specie Bank, 293 N.Y. 542, 58 N.E.2d 726 (1944) (written confirmation of payment enough to create a deposit even though bank declared insolvent before payment entered in bank’s books); Foley v. Hill, [1848] 2 HLC 28, 40-41, 9 ER 1002, 1007.

The old ways is the best ways; bah, humbug!

Posted by: Ebenezer Scrooge | January 10, 2013 at 01:29 PM

E-signature, E-Recording and E-anything else is simply asking for more trouble and entirely too many more pieces of shrapnel than necessary. In the case of the current "crisis" how difficult has it been for anyone to produce accurate *PAPER* records? I've seen my share of copies of documents that were most likely re-prints of digital files - not even paper copies of paper originals.

I introduced myself to the two local foreclosure roundtables in which I was asked to participate by "stealing" an attorney's house on paper and "stealing" a promissory note from Judy Faber and Residential Funding - based on an affidavit from her she doesn't stamp her own signature never mind actually sign it so she won't mind. The attorney for the client whose note I used actually submitted the "stolen" note into record on the case as an example of why the court shouldn't trust copies of documents. All I had at my disposal was a basic off the shelf software program and a multi-function printer.

Bottom line is that if *I* can do it using simple software programs, someone who actually knows what they're doing would be worth a fortune to a company in need of "original" document production... Oh wait... That was what LPS' "price list" was for wasn't it... $13 to "create" a lost note affidavit or note allonge and $35 to "create" a missing intervening Assignment. Such a deal.... http://www.scribd.com/doc/38591053/Lender-Processing-Services-DOCX-Document-Fabrication-Price-Sheet

Posted by: Mike Dillon | January 18, 2013 at 11:49 AM

Just like you, I prefer paper bank statements. Although there is always an assurance from the banks that files are encrypted and difficult to hack, I'm still not comfortable with the idea of relying too much on technology. When it comes to money matters, I prefer hard copies of documents.

Posted by: Diego | January 24, 2013 at 08:29 AM