By Barb Arland-Fye
A sophisticated operation of online thievery is suspected in the illegal transfer of $600,000 from the Diocese of Des Moines’ Automated Clearing House (ACH) funds. No diocesan or bank staff is suspected in the theft. About $180,000 of the missing funds has been recovered, according to a Diocese of Des Moines news release issued Aug. 26. The funds were illegally transferred to unsuspecting recipients across the United States on Aug. 13 and 16, the news release said.
On Aug. 17, Bankers Trust of Des Moines advised the diocese of the situation; all relevant bank accounts were shut down and at the diocese’s instruction the bank initiated the process to recover funds where possible. The U.S. Treasury Department and FBI were notified; the FBI is investigating and has taken possession of several diocesan computers. The diocese said it remains in communication and full cooperation with the FBI.
“To the best of our knowledge, every indication points to proper procedures being followed both before and after the thefts,” the news release said. The bank has assured the diocese that no personal donor bank accounts that utilized ACH gifting have been compromised.
“While the Diocese of Des Moines is protected by insurance and anticipates the restoration of the funds, we have been advised that such criminal activity is rampant. Obviously, any entity that experiences such a crime should be significantly concerned. We trust, however, that legal authorities are doing all they can to investigate this matter, and hope for a day when such criminal activity is eradicated,” Bishop Richard Pates, the Bishop of Des Moines, said.
The Davenport Diocese believes it has risk controls in place, such as the use of reputable vendors who also take these threats seriously. “Steps are being taken to assure the Diocese of Davenport is not subject to the same vulnerability,” said Char Maaske, the diocese’s chief financial officer. “Our concern is also for our parishes and schools. We would like to distribute information to them as soon as possible to advise them on ways to protect their assets.” The diocese is meeting with its banker, Quad City Bank & Trust, to discuss safety tips.
“The parishes do not transmit funds to the diocese through ACH although there has been some interest over the years. We deposit only checks from the parishes,” Maaske noted. The Catholic Foundation for the Diocese of Davenport, a separate entity, accepts donor pledge payments through ACH with an outside firm. “Those payments are transmitted directly from the firm to our bank account at Quad City Bank & Trust,” said Sister Laura Goedken, OP, the diocese’s development director.
ACH is one of the applications that can move money from one account into other accounts. In cases involving online theft, it’s the computer that’s being compromised, said Therese Gerwe, vice president, Treasury Management, for Quad City Bank & Trust. Computer users making online transactions need to be on alert for viruses, maintain updated antivirus protection and firewalls and take other preventative measures such as not opening attachments that might be fraudulent, she noted. Optimally, an online banking account should be on an isolated computer where e-mail and web browsing are not allowed.
Some computer viruses creep into computers through what appears to be an innocent-looking e-mail that a computer user has opened up. The virus sleeps until it is alerted that the computer user is going into online banking, Gerwe noted.
“We’ve created a document for our customers on how you can protect yourself, your computer, things to be aware of,” said Quad City Bank & Trust’s Laura Ekizian, vice president of private banking. (See accompanying story below.)
ACH is widely used and growing in usage. Wells Fargo, on its website, notes that it has one of the most advanced ACH systems in the country, processing over 1 billion ACH transactions annually.
Digitaltransactions.net notes in an Aug. 17 news release that “Transaction volumes are rising on the automated clearing house, but a recently released survey shows a nasty side effect of this growth is a rise in the volume of disputed transactions.” The organization notes, however, that for the thousands of financial institutions that handle ACH items, unauthorized debits are decreasing. Around the same time, NACHA, the Electronics Payment Association, hiked penalties for unauthorized transactions. NACHA was created to establish uniform operating rules for the exchange of Automated Clearing House payments among ACH associations.
Tips to reduce risk of online fraud
What you can do to reduce risk of online fraud:
• Access your online banking account on an isolated computer where e-mail and web browsing are not allowed.
• Be suspicious of e-mails from organizations requesting account information, pin or security codes, access credentials such as user ID and passwords — even if it looks legitimate. Financial institutions will never ask for this information over e-mail. Opening these e-mails, file attachments or web links could expose your system(s) to malicious code which could hijack the computer and steal sensitive information.
• Install a dedicated, actively managed and monitored firewall. A firewall limits the potential from unauthorized access.
• Create strong passwords — at least 10 characters in length which include a combination of mixed case letters, numbers and special characters.
• Prohibit the use of shared usernames and passwords for online banking applications.
• Change passwords regularly throughout the year.
• Ensure you have installed and keep updated virus protection software on all computers and schedule updates at least daily.
• Ensure your computer systems are patched regularly with operating system updates.
• Never leave your computer unattended while logged into an online application.
• Contact your banker immediately if there is suspicious activity with your online banking account.