Thread Options
#2060740 - 01/27/16 03:46 PM Account Takeover/Ransom
PrimeTime Offline
100 Club
PrimeTime
Joined: Nov 2014
Posts: 173
Looking for opinions regarding the following situation:

Commercial customer receives a ransom virus, which freezes all computers & accounts held by the customer until a ransom is paid. Customer ends up paying the ransom, without allowing the bank to provide technical assistance if possible (such as obtaining IP addresses, providing some level of expertise, etc.). Ransom does NOT appear to have been paid from an account held with the bank. Amount of payment, method of payment, etc. are not known at this point due to the lack of communication between the customer and the bank (despite our continued efforts).

Even if the amount is above the $25,000 threshold (as I would assume that the ransom was paid utilizing as little information as possible, and we would not have full subject information), would this be something that the bank should file a SAR on, as it has knowledge of the situation, even though the funds did not pass through the bank? My initial thought is no, because the bank could not provide much information and therefore the SAR would essentially be useless to LE. Further, because the funds didn't pass through the bank, it would be considered voluntary at that point.

Thoughts?
_________________________
Life is like a bicycle. To keep your balance, you must keep moving.
-Albert Einstein

CAMS

Return to Top
BSA/AML/CIP/OFAC Forum
#2060744 - 01/27/16 03:51 PM Re: Account Takeover/Ransom PrimeTime
bcompliance Offline
Diamond Poster
Joined: Sep 2014
Posts: 1,226
Did the ransom freeze accounts at your bank? If so, that would be the only way I would consider filing because none of the transactions actually happened at your bank.
_________________________
CRCM, CAMS

Return to Top
#2060747 - 01/27/16 03:56 PM Re: Account Takeover/Ransom PrimeTime
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 77,216
Galveston, TX
How can a virus freeze their bank accounts? Deny electronic access through their current system - sure. Freeze them - no way.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2060762 - 01/27/16 04:38 PM Re: Account Takeover/Ransom PrimeTime
PrimeTime Offline
100 Club
PrimeTime
Joined: Nov 2014
Posts: 173
Sorry; to clarify on the "freeze" statement, I was referring to the denial of electronic access.
_________________________
Life is like a bicycle. To keep your balance, you must keep moving.
-Albert Einstein

CAMS

Return to Top
#2060764 - 01/27/16 04:42 PM Re: Account Takeover/Ransom PrimeTime
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 77,216
Galveston, TX
Sounds like their problem to me and it currently has nothing to do with the bank.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2060823 - 01/27/16 07:55 PM Re: Account Takeover/Ransom PrimeTime
PrimeTime Offline
100 Club
PrimeTime
Joined: Nov 2014
Posts: 173
Great, that's what I was thinking as well but needed a 2nd opinion to make sure. Thanks for weighing in!
_________________________
Life is like a bicycle. To keep your balance, you must keep moving.
-Albert Einstein

CAMS

Return to Top

Moderator:  Andy_Z