US banks told to protect businesses more from cybertheft

As a small parts supplier for the troubled US automotive industry, the Michigan-based Experi-Metal was constantly seeking ways to cut costs and improve efficiency. Online banking was no exception: the manufacturer signed up for that service in 2000 at the behest of Comerica, its bank.

Experi-Metal regularly received emails from the Dallas-based bank with instructions. So controller Keith Maslowski was not surprised in early 2009 when one arrived that directed him to fill out a “Comerica business connect customer form”. He typed in his user name, password and pin number from a token at 7.35am on January 22, three weeks into his employer’s 50th anniversary year. Less than seven hours later, Experi-Metal’s coffers were empty.

Read the full story on FT.com