Hackers, Bank Records, and Going Paperless
The traditional allocation of losses at a bank was first loss bank, second loss government, but never losses to insured depositors. To wit, if Willie Sutton robs a bank, the money lost is the bank's, not that of any particular depositor. If bank fails, then the FDIC steps in pays out the insured depositors. It does so on the basis of the bank's books and records.
The phenomenon of hacking strikes me as changing this loss allocation paradigm: the hacker might steal from individual customers' accounts, not from the bank vault. If the hacking can be identified, then the traditional loss allocation kicks in. But this depends on the bank having an uncorrupted set of books and records that the hacker hasn't accessed. If the hacker can both grab money from the account and mess with the bank's books and records, then there's a royal mess.
But what if the hacker isn't a simple thief, but a state actor? So far the publicly discussed hackings blamed on Iran have been denial of service attacks aimed at disrupting access to banks' websites, rather than stealing from customers' bank accounts. That could easily change. And if a hacker really wanted to wreak havoc on the US financial system, why not go an screw around with customers' accounts and the books and records of a major financial institution? I don't have any sense of how easy this would be, but it's a scary thought. I assume that there are some very smart and well-compensated people working to ensure that this can't happen (e.g., off-line storage of bank records), but even so, things can go wrong.
All of this brings me to a rather old-fashioned point: paper has some benefits over electronic records. The virtues of paper over electronic records have become patently clear in the mortgage foreclosure context (more about that soon in another post), but what about bank statements? Every time I log onto my bank's website I get badgered to go paperless. And every time I say "No thanks." My bank tries everything: pleading how paperless is better for the environment, pointing out how nifty its mobile banking app is, etc. Of course, the bank never mentions that going paperless saves it a lot of money, and that none of those cost savings are being offered to me. (How about additional interest equal to 50% of the postage and paper costs? That might make my account start to have something like a positive yield...)
There's another problem with going paperless. Going paperless means that my account records exist only in the control of the bank. And banks are now national security targets. While hackers haven't gone after accounts so far, that could well change, and a hacker aiming for maximum havoc might target both accounts and bank records. Having my own set of paper records isn't perfect--they are costly to store, can themselves be doctored, and might lag by up to 30 days. Paper records don't protect against a hacking, but if the doomsday scenario spelled out above were to happen, I'd much rather be a depositor with a trail of paper statements than nothing but electronic records.
Not quite. It is easy to collect your own electronic set of statements. I maintain a full complement of pdfs. It may be easier or more difficult to doctor depending on your talents and banks may or may not consider them less reliable than paper but actual records are still more useful than corrupted or no records.
Posted by: Lord | January 09, 2013 at 09:21 AM
There is nothing new under the sun.
There is a lot of case law regarding dubious bank records and their clash with customer records. Sometimes, it was paper hacking. Paper hacking is quite doable, as an inside job. FDIC v. Holders of Yellow Certificates, 85 Civ. 8164 (VLB) (S.D.N.Y. March 4, 1987).
There is a wonderful old case with a wonderful old name: FDIC v. Records, 34 F. Supp. 600 (W.D. Mo. 1940.) For a batch of cases: Pagano v. United Jersey Bank, 143 N.J. 220, 670 A.2d 509 (1996) (old passbook suffices to evidence bank deposit, notwithstanding lack of record to contrary); In re Ruskay, 5 F.2d 143, 147-48 (2d Cir. 1925) (intent of the parties alone creates bank deposit, notwithstanding lack of bank record); Singer v. Yokohama Specie Bank, 293 N.Y. 542, 58 N.E.2d 726 (1944) (written confirmation of payment enough to create a deposit even though bank declared insolvent before payment entered in bank’s books); Foley v. Hill, [1848] 2 HLC 28, 40-41, 9 ER 1002, 1007.
The old ways is the best ways; bah, humbug!
Posted by: Ebenezer Scrooge | January 10, 2013 at 01:29 PM
E-signature, E-Recording and E-anything else is simply asking for more trouble and entirely too many more pieces of shrapnel than necessary. In the case of the current "crisis" how difficult has it been for anyone to produce accurate *PAPER* records? I've seen my share of copies of documents that were most likely re-prints of digital files - not even paper copies of paper originals.
I introduced myself to the two local foreclosure roundtables in which I was asked to participate by "stealing" an attorney's house on paper and "stealing" a promissory note from Judy Faber and Residential Funding - based on an affidavit from her she doesn't stamp her own signature never mind actually sign it so she won't mind. The attorney for the client whose note I used actually submitted the "stolen" note into record on the case as an example of why the court shouldn't trust copies of documents. All I had at my disposal was a basic off the shelf software program and a multi-function printer.
Bottom line is that if *I* can do it using simple software programs, someone who actually knows what they're doing would be worth a fortune to a company in need of "original" document production... Oh wait... That was what LPS' "price list" was for wasn't it... $13 to "create" a lost note affidavit or note allonge and $35 to "create" a missing intervening Assignment. Such a deal.... http://www.scribd.com/doc/38591053/Lender-Processing-Services-DOCX-Document-Fabrication-Price-Sheet
Posted by: Mike Dillon | January 18, 2013 at 11:49 AM
Just like you, I prefer paper bank statements. Although there is always an assurance from the banks that files are encrypted and difficult to hack, I'm still not comfortable with the idea of relying too much on technology. When it comes to money matters, I prefer hard copies of documents.
Posted by: Diego | January 24, 2013 at 08:29 AM