On the Web, a bank isn't always a bank. Instead of keeping cash safe, they may just keep it. And when the rightful owners can get at it, sometimes so can everybody else.
Since 1996 at least 10 warnings about bogus online banks have been issued by the Office of the Comptroller of the Currency in Washington. According to one government source, many of these organizations are involved in illegal operations but fall through the regulatory cracks. Extraordinary rates and promises of "extra secrecy" may seem suspicious, but they must commit crimes before the government can act.
Swindlers that operate from off shore or without government authorization have been around for a long time, but the Internet lets them woo new customers more easily than ever before. Small businesses should practice due diligence and examine new financial institutions closely before handing over any money. Still, the U.S. banking system is far from simple, and it can be hard to figure out who's on the up-and-up.
A business looking into the background of X.com yes, that's really it's name an Internet bank based in Palo Alto, Calif., might think something shady's going on, even though its operations are perfectly legal. While X.com isn't yet authorized, it is in the process of acquiring First Western National Bank in Colorado, and it's that charter or anticipated charter that allows them to operate as a bank.
Also, just because a bank is offering great deals on the Internet doesn't mean it's working outside the law. X.com can offer better rates and lower fees than other banks because they enjoy the same low overhead and efficiency benefits as other dot-coms, according to Julie Anderson, its director of public relations. "It's all electronic, and that really lets us cut costs," she says. "We can still make money without charging fees."
However, X.com recently got in hot water because its policies permitted users to transfer small amounts of money from their other bank accounts simply by entering the account and branch numbers. At least one miscreant exploited this to illegally transfer money. The company has changed policies, corrected customers' accounts, and now requires that a cancelled check and a copy of a valid driver's license be sent to verify every transfer. That's a decidedly low-tech procedure for a dedicated high-tech company. "It definitely is a little more cumbersome, but security is a big concern," Anderson says.
Unfortunately, online banks aren't much safer than other sites. This past February a flaw in Windows 2000's server software exposed files at thousands of Web sites and several banks, according to David Litchfield of Cerberus Information Security in London, who discovered the flaw. "A number of banks were susceptible," Litchfield says. "Whether it's a bank or an e-commerce site selling books, it still will be vulnerable." But a bank that can't keep people out isn't much of a bank.