Fan Bao and his wife Cathy Huang from Highland Park, California, were shocked when they were notified of two fraudulent money orders that were set to transfer money in the amount of nearly $150,000 from their firms's checking account to an account in a bank in Croatia, but not nearly as shocked when one of them was allowed to go through and the bank refused to assume liability for not stopping the transfer and repay the lost money.

Two years ago, the bank - Bank of America, to be precise - urged the couple to start using online banking, telling them it was completely safe and that only wires sent from their company computer, along with a downloaded security certificate, would be considered legitimate.

According to Money Watch, everything ran smoothly until last summer, when Bao received a call from the bank because the aforementioned transfers raised a few red flags since the couple's company has never sent any money to Croatia before, and the amounts were substantial.

His wife being out of the country, and the bank refusing to disclose any details about the transfers to Bao since she was the company’s only “authorized agent”, it took him half a day to convince them to share the information with them.
Unfortunately, not fast enough to stop the first payment from going through, so $50.000 ended in Croatia and were withdrawn.

The bigger problem for the couple arose when the Bank of America refused to reimburse them the money. When opening the account, they agreed to the bank's terms and conditions, which state that the bank must return the money on such occasions only when it is proven that it is the bank that has been compromised, and not the customer's computer.

The bank says it's probably through a banking Trojan or keylogger installed on Bao's computer that the criminals managed to steal his login credentials. Bao filed a suit claiming it was probably an inside job, and accuses the bank of - among other things - breach of good faith and negligence.