As featured in The Wall Street Journal, Money Magazine, and more!

What Happens If Your Bank Account Is Hacked?

This article was written by in Banking, Privacy and Security. 23 comments.

What happens if your bank account is hacked? Are you liable or is your bank? We have the answer, along with some tips how to keep your money safe online.

As society’s reliance on technology grows, especially for things like banking, we will continue to see more and more issues with account hacking. Whether on a large scale – such as the recent $10M theft from banks in the U.S. and Russia – or small, data breaches are becoming increasingly prevalent. So, what happens if your bank account is hacked?

How Big is the Problem?

According to the Identity Theft Resource Center, hacking was responsible for a whopping 59.3% percent of the total data breaches in 2017. This number has grown significantly each year (up from 14% in 2007 and 27% in 2012, for instance). It shows no signs of slowing.

It’s concerning enough to think about our email accounts being breached or our personal data being compromised through physical theft of personal documents. However, when we consider the impact of our checking or savings accounts being hacked – and even emptied – the fear increases exponentially.

This may even lead some to think about pulling their money out of financial institutions, opting instead a more personal, less-likely-to-be-targeted solution. However, that might not be the best option.

While there are many reasons to reconsider doing business with large financial institutions, the threat of a cyber attack shouldn’t be one. Those who see the potential for this kind of data breach as a reason for not doing their financial business over the internet are over-reacting. Of course, that’s little comfort in the face of fear.

Let’s take a look at exactly what happens after your bank account is hacked, and why you shouldn’t be scared to bank with an online institution.

Banking Deal: Earn 1.55% APY on an FDIC-insured savings account at CIT Bank.

You Probably Won’t Lose Your Money

You may not know this, but the banks are actually liable for any stolen funds as a result of cyber crime. Non-business Customers should not lose money, as long as they notify their banking institution of the fraudulent transaction(s) within a reasonable period of time and took steps to safeguard their account information.

This is all thanks to Regulation E, a guideline established by the Federal Reserve to protect electronic funds transfers (ETFs). According to Reg E, banking customers are only liable for up to $50 in losses if they notify their bank right away (typically, within 2 days of receiving the statement with the fraudulent charge). If they wait up to 60 days, their lost funds are still limited – losses are capped at $500 – and the bank carries most of the liability.

However, if customers wait beyond 60 days to notify their bank of any fraudulent charges, they may be liable for the full amount stolen.

The takeaway here? You’re still protected as a personal banking customer, even against cyber threats, as long as you stay on top of your account activity. Of course, you should be doing this anyway, but thanks to the Federal Reserve, your losses are largely capped even if you’re the unfortunate victim of bank account hacking.

Banks Are More Prepared than Ever

Banks are hit by cyber attacks every single day. As a result, they are becoming more adept at preventing breaches of security, and are implementing cutting-edge protocols and software to prevent such attacks from being successful.

It’s important to remember that only the big attacks hit the news. Banks are bombarded by security threats all day every day, and their systems are improving exponentially for detecting and dealing with these problems.

You Can Help Protect Yourself

While some breaches happen on a much larger scale, many of them originate by an individual having his or her personal data compromised. In today’s world of WiFi hotspots and coffee shop internet, it’s even easier for hackers to gain access to our accounts.

Luckily, it’s fairly simple to ensure your account is not vulnerable to this particular attack. When using a public internet connection – whether at the airport, in a coffee shop, or even at your kids’ after school gymnastics practice – avoid logging in to important personal accounts. Browsing the web is fine, but don’t enter personal information like your bank account login or even email password while on a publicly-accessed connection.

Also, when logging into your bank account online, most banks allow you to “remember your computer.” This allows you to bypass a few added security questions the next time you log in, but makes it easier for cyber threats. Hackers can spoof your IPv4 address or even use malware to hijack your computer, so you don’t even know it’s accessing your bank account.

It’s a good idea to always disable the “remember your computer” feature. While it makes logging in a bit more of a pain, it’s much more secure in the end.

Keep an Eye Out for Spoofs

Even the most technology-savvy folks can be fooled by today’s advanced social engineering. Keep a close eye on everything you open and click on, to ensure that you’re not their next victim.

Email programs have become very adept at filtering out spam most of the time. However, they’re not foolproof. You may still see emails that look very much like they are official, coming from your bank or even Paypal, asking you to visit the website and confirm some piece of financial information.

In reality, the “bank’s website” is actually a hacker’s website, designed to look identical to the official site. Never enter your password or any other identifying information on a website that you’re accessing over an insecure connection.

Internet browsers now even identify the security certificate. So when you’re visiting a secure website that’s supposed to be operated by Chase, you can verify you’re safe. Click the security icon in your browser’s address bar for more information. Here is a screenshot of what that looks like with Chrome.

When dealing with suspicious emails, you can even nip spoofs in the bud. Simply click on the sender’s email address if you receive a message requesting information, to see if it truly came from your financial institution. If you have any doubts, forward the message directly to your bank’s customer service department and get their confirmation.

You can make your passwords as long and as random as you like, but the complexity of a password is irrelevant if you hand it to a criminal willfully.

Safer Alternatives Don’t Exist

I’m sorry to break the news to your sweet grandma, but stashing money under your mattress is much less safe than giving it to the bank.

When you don’t like dealing with banks because you already believe that these corporations are evil, fear-inducing stories about recent hacks or cyber theft prevalence are particularly resonant. News of major security threats seem to confirm the skeptic’s opinion that money is only safe when it’s cold, hard cash… not bits in a bank’s computer.

However, the threat of your money being physically stolen is much more serious than it being digitally stolen. Your house being robbed and criminals being able to find your hidden bills or walk away with your safe is much more likely than losing money due to cyber crime.

Plus, as we mentioned before, you have methods of recourse if your bank account is compromised. Thanks to Regulation E, your stolen personal funds are protected by-and-large, as long as you notice the theft and alert your bank in a timely fashion. If someone walks out of your house with a coffee can full of bills, you’re simply out of luck.

Should You Worry?

While news of past attacks and the threat of future ones is scary, the truth is that the banks will know before you do. Often times, these institutions (and their advanced cyber security teams) solve the problem before the media even mentions the threat.

Federal law requires that banks are liable in the event of a security breach. There is no bank that wants to be liable for a potentially large amount, so the companies have a very strong incentive to be very proactive and protect their customers.

Banks are easy to criticize, for a number of other reasons. However, security is one area where the needs of the customers, shareholders, employees, and executives are completely aligned.

Does news of cyber attacks change the way you feel about banking online?

Updated February 23, 2018 and originally published December 13, 2012.

Email Email Print Print
About the author

Luke Landes is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about Luke Landes and follow him on Twitter. View all articles by .

{ 23 comments… read them below or add one }

avatar 1 Anonymous

Planned or unplanned, it doesn’t matter. The internet is a little like the wild west. I feel vulnerable and I take precautions as much as I can. I constantly update my security program (McAfee), run virus checks and change my password periodically. I feel more susceptable on the internet than I ever did in the real world. It doesn’t stop me from anything, but it makes me pause every so often.

Reply to this comment

avatar 2 Anonymous

NO ONE can prevent a hacker from accessing your account. IF they want to target you they WILL. I have a firewall, a complicated password and important e-mails were deleted.

NOTHING can protect you from a dedicated attack.

Reply to this comment

avatar 3 Anonymous

I’m a customer of one of the banks you list, so I’m a bit concerned. As best I know, I’m doing everything I can to protect myself, but I know nothing is foolproof. I have no intention of stopping banking online though. I can’t believe this alleged attack won’t be stopped now that it’s been revealed months in advance.

Reply to this comment

avatar 4 Anonymous

I got hacked last Wednesday! I check my checking & savings on line every single day. That day I was looking at my e-mails, etc. Turned my computer off and walked out of the room. As I walked down the hall I heard something tell me “You forgot to check you checking accounts”. I believe God is looking out for me, because I went back to my computer and saw a deposit of $7000. First I thought “Oh, I won Publisher’s Clearing House” ha ha, After looking further I saw my savings account was Short $7000 & a check had been cut to a real person. I’ve had my computer hacked 16 times in the last year and I’m pretty sure I know who it is but can’t prove it. This persons name, address & phone number were on my computer but the bank didn’t seem to be the least bit interested in who did it. They just close my old one and gave me a new one. I can’t get the police to help me or the FBI. The bank said they would investigate it! Yeh, in 4 – 5 days. I don’t know what to do. This person has done all kinds of things to me but there is no way to prove it. So be careful . .. .I don’t even know this person and never seen her. She dated my X a couple of times and he told me she had hacking equipment on her computer. Now he’s dead and why I’m still getting it I don’t know they only dated 2 or 3 times.

Reply to this comment

avatar 5 Anonymous

Report the incidents to the police. The police have software detectives and are more than capable in helping you. I’ve been hacked 5 times in 6 years. Every time the police took it very seriously. My PayPal account was hacked and PayPal reimbursed me right away. The other times the bank fought tooth and nail to “not” give me my money, but half the time they ended up doing it. I am very cautious; only use PayPal and Amazon for online purchases. I do pay my Verizon bill online with a checking account (which has never been hacked). It’s only been my debit card that’s been hacked. My Google wallet account was hacked for 3 years before I put two and two together. Little amounts like $2.99, $6.99, etc… They refuse to pay me because they keep putting me off every time I’ve called! Good luck to all :)

Reply to this comment

avatar 6 Anonymous

No, the planned attack won’t change the way I bank. I too keep my computer as safe as possible and I’ve never used and e-mail ‘link’. If there is a website to go to I will get there myself if I think I need to. As a bank customer I take security just as seriously as they do and there are a couple of things I do to help out. First I download and review account information daily, including checking and credit card data. Secondly I forward all phishing e-mail to whomever is being represented. It may take a minute or two to review transactions or forward an e-mail but it well worth it if you stop an invalid charge or transaction immediately.

Reply to this comment

avatar 7 Anonymous

You can’t prevent a dedicated attack. Malware can be sent via text.

Reply to this comment

avatar 8 Anonymous

I’m not too worried. I keep my bank accounts as secure as I can and that is the best I can do. While I would freak out I’m sure the bank would catch it almost immediately. They have some sophisticated software.

Reply to this comment

avatar 9 javi

I am not worried. As you said, banks are attacked all the time. Best thing to do is go straight to the bank’s site, don’t click links from emails, and keep your computer’s security software patched and up to date.

Reply to this comment

avatar 10 Anonymous

Security software does not protect you from a dedicated attack. Security softwre protects from malware that the company provides patches/updates. A crafted malware for a specific individual is not protected by the AV programs.

Reply to this comment

avatar 11 wylerassociate

When you consider how much technology has exploded in the last 20 years along with the good & bad that it brings, there should be some anxiety when you read stories like this but the only thing you can do is due diligence.

Reply to this comment

avatar 12 Anonymous

Having a bank account hacked would be horrible. I have had my wallet stolen and it felt so vulnerable and creepy, I’m sure having a bank account hacked would feel even worse.

One thing that is good about having an online account hacked is that there is usually some sort of protection with the bank that comes along with it.

Reply to this comment

avatar 13 Anonymous

Stores and institutions have been hacked. Personal data hacks is frequently in the news.

Reply to this comment

avatar 14 Anonymous

My neighbor, who owes me some money, claims his bank account (he banks at citizens bank in PA) got hacked and the money in there is currently being held, and he cannot access it, until the investigation is complete. Right before he says he got hacked, he wrote me a few checks that totaled about $600. Each checked bounced, all saying “insufficient funds”. I find it odd that if an account was hacked then the returned checks would say “account closed” and I also find it odd that the bank would deny the account holder access to their own money. If the account was hacked then I would think the account holder would move the remaining funds in another account. Is my neighbor playing a trick, and was there a hacking at Citizens Bank?

Reply to this comment

avatar 15 Anonymous

No it happened to me for 2,000

Reply to this comment

avatar 16 Anonymous

Ransome ware it’s called. they can freeze/block your account. IF the creeps spent their time investigating a cure for Cancer, we would have it.

Reply to this comment

avatar 17 Anonymous

I try to transfer payment to Italy company the e mail hacker ed and I receive the hackers account number and my 43280 euro went to BARCLAY S bank in England and we try aimlessly since 2 month with this bank wish any body lead me to a solution with best regards

Reply to this comment

avatar 18 Anonymous

My refund from the IRS was hacked and I have been unable to get my money back as everyone is denying culpability. My refund was sent to TurboTax who sent it to Santa Barbrbra Tax Products Group who sent it to Chase Bank. TurboTax says they sent it with the correct routing and account umbers and Santa Barbara TPG says they received a different routing and account numbers and sent the money to that Chase account. Chase verifies they received the money. TPG is stating that my computer must have been hacked and they have no culpability and it is too bad and I am out of the money, I have tried everything and everyone is telling me “too bad”. I now assume it is not safe to send anything on direct deposit over the internet. Is there no recourse in this type of situation?

Reply to this comment

avatar 19 Anonymous

Chase’s recent comments about no account information having been compromised is simply false and Chase is lying about it as shown in my own case.
On 16 Sept 15 a Mory Aboubacar Sahno gained access to my Chase Account and made international wire transfers. One of the four transfers went through the Toronto Dominion Bank in Quebec and another through a J.P. Morgan Chase branch in Delaware. I contacted Chase immediately after noticing a wire transfer I did not make, bu they ultimately denied my claim to have the money put back into my account. This Mory Aboubacar even created a profile in my account listing a phone number in Quebec 514-416-4631. That allowed him to get the codes to access my account on line. Chase told me that they recognized my computer from its IP address and that the transfers were made from my computer. After more than 20 minutes of loud conversation and Chase saying they were not allowed to tell me what the IP Address of “my own computer” was, they finally relented and provided me with the IP Address of “my computer” which the customer service representative said was: mozilla/S.O.Windows NT 6.1

After telling them that this was not an IP Address it took me another 10-15 minutes to get the actual IP Address which came from San Jose CA and was not my Internet Service provider at all. The IP used came from EGI Hosting in San Jose (50.117. 78.154) and they told me that the person using it was using a proxy/VPN.

Chase never followed up and has not returned my funds. This is of course a tactic to avoid having to admit that accounts were in fact compromised. They simply say the customer’s claim was fraudulent. I sent a fax to their fraud department and also spoke with customer service, and they are simply incompetent. When I visited the Chase branch in Riverpark/Fresno for assistance, the bank manager there was very helpful but at the same time puzzled and frustrated by the main corporate office she called for an explanation of my claim denial.
I am currently exploring legal action and also intend to publicize the fact that Chase is either negligent/incompetent or intentionally lying to the public. Since this happened to my account it invariably also happened to others.

Reply to this comment

avatar 20 Anonymous

My information was hacked through a government background check. Hackers got in my bank accounts twice. The last a block was put on it so I cannot do online banking. Last week somehow they got it my checking account. My bank has done everything possible to protect my money and it has been replaced each time. What other steps my bank and I can do to stop these hackers from getting in my account? I should I put my money somewhere else? It is very stressful.

Reply to this comment

avatar 21 Anonymous

My aunt account has been hacked yesterday at Sunday … the hacker has stolen more than 3 lakhs .. wat sud I do plzz help

Reply to this comment

avatar 22 Anonymous

People hacking banks should receive the death penalty, period. It would stop tomorrow.

Reply to this comment

avatar 23 Anonymous

My account was negative and then was made positive ledger balance says $3,250 and direct deposit of $761 but account balance says zero. What could have happened?

Reply to this comment

Leave a Comment

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.