SWIFT Bank Heists and Article 4A
Journal of Consumer and Commercial Law, Vol. 22, No. 1, at 25 (2018)
7 Pages Posted: 16 Oct 2018 Last revised: 5 Nov 2018
Date Written: September 24, 2018
Abstract
Computer hackers are capable of anonymously stealing billions of dollars through fraudulent wire transfers. Banks in Ecuador, Bangladesh, Vietnam, Nepal, India, Russia, and elsewhere have been attacked. When law enforcement is unsuccessful in tracking down the hackers, parties to the fraudulent transaction turn to the law to determine who must bear the loss. In the United States, responsibility for fraudulent wire transfers is governed by Article 4A of the Uniform Commercial Code. Because wire transfers are often routed through the United States or transferred pursuant to contracts with U.S. choice of law provisions, Article 4A will ultimately apportion the loss of at least some international cyber bank heists. This article explains how Article 4A works by considering the facts of a 2006 heist at Bangladesh Bank. It shows that Article 4A is unlikely to help most originators who find their SWIFT systems have been hacked. Originators of payment orders should carefully consider security procedures used to authenticate payment orders.
Keywords: Uniform Commercial Code, UCC, Article 4A, wire transfer, cybertheft, security procedures
JEL Classification: K20, K22
Suggested Citation: Suggested Citation