Hackers stole nearly US$2 million from the online bank accounts of Japanese businesses in April, a surge in theft that has prompted some banks to curtail online services and rethink compensation policies, executives and regulators say.
In April there were 50 cases of theft from online accounts held by Japanese businesses with nearly 200 million yen stolen, according to a person with knowledge of the industry-wide tally, which has not been made public. That was more than the entire previous year.
Japanese businesses reported 34 cases of online banking swift code theft for the year ended March with a total of 182 million yen (US$1.8 million) stolen, according to data released by the Japanese Bankers Association.
Earlier this month, a senior official with Japan’s Financial Services Agency told regional bank executives that regulators were concerned that online theft could cause a chain of small business failures and bankruptcies, according to participants who attended the closed-door meeting.
Mitsubishi UFJ Financial Group and Mizuho Financial Group said their corporate customers had been hit by online thefts. Top regional lenders such as Fukuoka Financial Group and Bank of Yokohama also said their clients had also experienced losses.
Corporate users of online banking in Japan tend to be small businesses and family-owned firms. In a typical theft, hackers trick owners into surrendering passwords or gain control of poorly protected computer systems to make transfers out of their accounts, industry officials and security experts said.
“This has become a serious problem,” Masaaki Tani, president of Fukuoka Financial Group, the largest regional bank, said earlier this month.
It was not clear why cases of such theft had increased so rapidly although bankers elsewhere have warned of a growing threat from hackers. “Cybersecurity attacks are becoming increasingly complex and more dangerous,” JPMorgan Chase & Co Chief Executive Jamie Dimon said in a letter to shareholders in April.
Japan’s banks are divided on how to respond. Promising compensation might remove an incentive for businesses to tighten security, some executives say. At the same time, tightening security too much could kill the convenience of online banking.
In April, many regional banks suspended a service which allowed clients to transfer money on the spot to accounts that were not pre-registered. Chiba Bank reduced its online transfer limit to 10 million yen, from just under 100 million yen.
Until now, the question of whether to compensate businesses for online theft has been left to each bank. Most offer fewer protections than they do for individual accounts.
Resona Bank has said it will compensate business clients for Internet losses of up to 50 million yen when customers have taken appropriate security measures.
The lender is part of Resona Holdings, Japan’s fourth-largest banking group by assets. Resona’s pledge is part of a push to build its business, including lending, to small- and medium-sized businesses at a time when overall loan demand remains weak.