B2B Payments

Why Banks Don’t Cover Cybertheft For SMEs

Cybercrime is on the rise, and small businesses in particular are facing waves of new Internet theft. B2B buyers, for example, are under threat of security breaches that allow criminals to hack into email and pose as a legitimate overseas supplier, demanding payment to settle an invoice.

This is the so-called "business email compromise," and according to recent Federal Bureau of Investigation estimates, the crime led to more than $1 billion in losses in the last two years alone.

But on top of concerns about cybertheft, small business money managers have another thing to worry about. New reports from NPR released yesterday (Sept. 15) warned SMEs that if their business is hit by cybertheft, their banks are not obligated to compensate for their losses.

[bctt tweet="If a small business is hit by cybertheft, their banks are not obligated to compensate for their losses."]

Reports said that Regulation E of the Electronic Fund Transfer Act does require banks to compensate their individual customers in most cases of cyberfraud. But for small businesses — even if they’re run by a single person — banks are not required to do the same.

NPR spoke with one small business owner who saw $14,000 of fraudulent withdrawals from his business account following a trip overseas. According to reports, his bank refused to cover those losses, even though the business owner notified the bank that he was going overseas and that the withdrawals from that nation occurred after he returned. He said the bank did not notify him of any suspicious activity on his account.

Legislation requires banks to provide their business customers with “commercially reasonable” security protocols under the Uniform Commercial Code, according to reports. And if the bank follows that protocol, it does not have to reimburse a business customer for any losses from cybertheft.

While small business owners argue that banks should take on the liability, others argue the burden should fall on the businesses to implement adequate security features to protect their funds. American Bankers Association Senior Vice President of Cybersecurity Policy Doug Johnson told NPR: “If we gave small businesses that now have to abide by the Uniform Commercial Code those additional protections, then what we do is we take away some of the incentives that they have to have the proper levels of security within their organizations.”

To check out what else is HOT in B2B, click here.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment