X.com says theft halted; customer disagrees

A start-up Internet banking service has revealed that a flawed security policy that allowed customers to transfer funds without verifying bank account numbers resulted in close to $10,000 worth of illegal transfers. But at least one person has charged that online thieves tried to transfer more than $50,000 from his bank account using a stolen account number.

Before revising its policy on Jan. 22, X.com Corp. in Palo Alto, Calif., allowed customers to transfer up to $2,500 from any U.S. bank account and then withdraw the money by entering only account and bank routing numbers on the X.com Web site. According to company CEO William Harris, the would-be crooks, entering data from other people’s accounts, attempted six unauthorized fund transfers that were halted by X.com.

Imad Khalidi, CEO of Auto Europe LLC, a car rental agency in Portland, Maine, said he discovered on Jan. 14 that someone had used his account number to siphon $21,000 out of his company’s bank account to pay for Gucci merchandise. Khalidi said thieves made four other attempts to transfer money from his account via X.com and Wilmington, Del.-based WingspanBank.com, including an attempted $23,000 transfer. The online grifters then posted Khalidi’s account numbers to an Internet forum.

“They are building Web sites without security, and they never asked for a voided check,” said Khalidi about X.com and WingspanBank. WingspanBank.com didn’t immediately reply to Khalidi’s allegations.
The company did issue a statement that asserted, “We are aware of the industry issues surrounding (the Automated Clearinghouse Network) transfers, we are committed to the highest level of security for our customers and are continually evaluating and enhancing our security systems as appropriate.”

According to Harris, X.com, a division of First Western National Bank, a small bank in La Jara, Colo., has changed its security policies to require customers to fax or mail a voided check, signature card and a copy of a driver’s license to verify bank account numbers for transfers of any value.

Harris said none of the attempted transfers involved the actual theft of money. He said X.com notified law enforcement officials and the Federal Deposit Insurance Corp. of one attempted incident and was in communication with one financial institution, which he declined to name. X.com didn’t comment on Khalidi’s charges.

“In this situation, X.com did a pretty good job of discovering what was going on and took steps to change the policy to respond to customer concerns swiftly,” said Rob Leathern, an analyst at New York-based research group Jupiter Communications Inc.

But Elias Levy, chief technology officer at San Mateo, Calif.-based security consulting firm SecurityFocus.com, said he was told by X.com that it was forced to change its procedures after receiving calls from fraud departments at other banks. “It’s incredible how appalling their lack of security was. The potential for damage is enormous,” said Levy.