Alberta BMO customer on the hook after almost $10K disappeared from her account

An Alberta woman says she has to repay almost $10,000 plus interest after herline of credit was drained and the money transferred out of her Bank of Montreal account without her permission.

Charlene MacNeil, 37, said she panicked when she received a credit limit alert email on the evening of Aug. 28, notifying her she had just $33 of available credit left on her $15,000 line of credit at BMO.

She checked her account, noticed a lot of money was missing, and immediately called the bank'scorporatehotlineto report it.

The next morning at her local branch in Tofield, Alta., she learned that $10,300 had been transferred from her line of credit to her chequing account. Then, $9,702 was sent from her chequing account to a bill payee she didn't recognize.

BMO investigated the transactions but will not reimburse her for the missing amount.MacNeil is now responsible for paying back the money, plus 10.8 per cent interest.

"It's a huge hit to our family," MacNeil told CBC News.

Alberta woman on the hook for $10K stolen from her bank account

10 months ago

Duration 2:58

Charlene MacNeil told CBC News she's been banking with the Bank of Montreal since she was a child without any issue. Then, in August, nearly $10,000 was stolen from her account. Now, she says she's been left on the hook to pay the bank back.

She said the incident has taken a mental toll on her, shaken her trust in banks and made her feel like a criminal despite doing nothing wrong.

MacNeil lives on a farm near the central Alberta town of Tofield and has been a BMO customer since she was a kid. Shesaid she never worried about the money in her accounts because she thought she was careful with her personal information.

BMO's investigation

MacNeil said a few days after first reportingwhat happened, she spoke by phone to a bank employee who told her BMO had decided not to reimburse her for the amountbut she could escalate her case to the customer complaint appeal office.

At the bank's recommendation, she reported what happened toRCMP and had her phone wiped in case it had a virus. She provided proof of both steps to the bank.

RCMP spokesperson Cpl. Troy Savinkoff said Camrose RCMP continues to investigate a Sept. 1 report of fraud between $5,000 and $10,000.

BMO spokesperson Jeff Roman said the bank is unable to disclose details of the customer's incident due to the priority the bank places on customer confidentiality. He encouraged CBCNews to examine an investigation outcome letterthe bank sent to the customer.

"It contains important information regarding the facts of this situation," Roman said in an emailed statement.

MacNeil shared the Oct. 10 letter with CBC News. It said that the device used to access her bank account triggered a one-time passcode, which was sent by text to her phone number, successfully retrieved and entered.

"If you were not the one who input your bank card number, secret online banking passwordand the one-time passcode, then either you somehow disclosed this information, or one of your devices (computer, cellphone) may have been compromised to allow someone to gain access to this information," wrote senior investigator Gary Jasper.

He said in the letter that safeguarding MacNeil's bank card number, passwords, passcodes and devices was her responsibility, not the bank's.

MacNeil said she only uses her phone to loginto online banking. Shedoes not remember receiving a two-factor authentication code that day, and had not shared her password with anyone, even her husband.

She said she wonders if herphone was compromised during a work trip to a conference in Las Vegas.

MacNeil said she tries not to use public Wi-Fi networksbut may have done so during theVegas trip.

Unsatisfied with the bank's response, MacNeil said she had a lengthy phone conversation withJasper.

Subsequently, the BMO's branch manager in Tofield verbally offered to reimburse her $500.

MacNeil still hopes to recover the full amount and has filed a complaint with the Ombudsman for Banking Services and Investments (OBSI), a dispute resolution service.

What could have happened?

According to figures from the OBSI, nearly 500 fraud cases were opened between January and July of this year.

Fraud is the top banking issue reported to the industry ombudsman.

And as of June 30, more than $280 million was lost tofraud this year, according to the Canadian Anti-Fraud Centre.

John Zabiuk, chair of the cybersecurity program at the Northern Alberta Institute of Technology, said there are many ways bad actors can access others' bank accounts.

One common way is to impersonate a bank and trick users into giving away their login credentials or allowing remote access to their devices.

Other methodsinclude obtaining passwords from a data breach and convincing people to download malware disguised as useful applications.

As for MacNeil's public Wi-Fi theory, Zabiuk said if a network is not secure, it is very easy for attackers to intercept a connection and watch everything that occurs on a device.

"Public Wi-Fi should be avoided at all costs," he said.

Zabiuk also recommends changing passwords every two months, signing up for multi-factor authentication, checking bank accounts regularly and researching applications before downloading them.