The National Bank assures that the majority of its commercial customers targeted by fraud in September have been “fully reimbursed”.
“The majority of affected clients have recovered 100% of their funds,” assures Geneviève Turbide-Potvin, first vice-president, business and private management 1859, in an interview with The Press. In the coming days, we hope to have responded to all customers. »
According to the Bank, “a few dozen” commercial accounts have suffered from a wave of phishing fraud since mid-September. Some of them were completely empty after the passage of the hackerseven lines of credit.
Contacted by The Press, Pascal Gosset had just been contacted by the financial institution on this subject, late in the afternoon. His car resale business was allegedly stolen $60,000 from his business account.
“I was told just before you called me that I was 100% reimbursed,” said the entrepreneur, relieved, but unimpressed by the Bank’s attitude.
“There was a terrible lack of communication,” he said. Pascal Gosset remains under the impression that the financial institution tried to find a way to avoid having to reimburse customers.
Geneviève Turbide-Potvin assures that this is not the case, but recognizes that the Bank could have reacted better in terms of communication with the public and with affected customers.
“I look at this today and I say to myself: could those for whom this has not yet been resolved today, could we have had better communication, more frequent communication, to be able to tell them where Are we in our investigation? she suggests. But in the end, we keep it very opaque, because we don’t want to create or give to hackers new ways to come back to us. »
“No internal breach of confidentiality”
Also in interview with The Press, the head of information security André Boucher specifies that the customers affected by the frauds were all victims of some form of phishing. “There was no breach of confidentiality internally,” he insists.
According to him, the phenomena of fraud targeting multiple clients of the same institution “comes somewhat in successive waves”. “Perhaps it was the National Bank’s turn to attract attention,” he said.
The investigation is still ongoing, but André Boucher specifies that the criminals used several different techniques: fake site where the customer is invited to enter their contact details, fake text messages, robotic calls… “It can go as far as the fake representative who actually calls the person,” he says.
Techniques of hacking “normal” for him. “But this is far from normal for the victim,” he said. For the victim, it is important that we have compassion and that we try to find a solution as quickly as possible. »
Pascal Gosset says that the fraud suffered in his commercial account took place despite the use of a two-factor authentication technique with a security key.
He says he is surprised that no one was able to prevent the fraud: his payments usually go to the United States, while in his case, the fraudulent transfer went to an account in the Ottawa region.
Crisis of confidence
By breaking silence today on these frauds, the National Bank is trying to make amends, believes Mylène Forget, president of Massy Forget Langlois, public relations.
“Our banking system is based on trust. If it is lost, it is extremely difficult to rebuild it,” she says.
In this case, the frauds took place in mid-September. For her, the Bank’s response to its robbed customers comes late. “It’s a long time,” says Mylène Forget. We are now in mid-October, there are people who have had their bank accounts and their lines of credit emptied. This meant that companies had to make difficult decisions… It’s the worst thing that can happen when you can no longer pay your employees. »
First vice-president of communications, Debby Cordeiro agrees that the National Bank will necessarily have to do a “post-mortem” of these incidents, once the investigation is completed.
“We’re not saying we’re perfect,” she said. We know we can be better. We’re going to be. »