I recently transfered money between two of my bank accounts in the same bank, using the e-banking interface, and, once I approved the transfer the website announced having "successfully transfered 0$". Turned out it was a bug somewhere in the e-banking web application. It lost the amount information at some point when constructing the confirmation page, but the amount I had actually requested was correctly subtracted from the source account and added to the target account.
However I now wonder what safeguards are in place in case such bugs occur in the code that actually change the amount stored in an account, especially during transactions involving two different banks. From my limited knowledge, when sending amount X from account 1 in Bank A to account 2 in Bank B, A would:
- tell B it is sending amount X to account 2
- subtract amount X from account 1
and B would:
- Parse the messages from A to get "money amount X" and "account number 2"
- Add amount X to account 2
(Authentication, synchronisation, confirmation and other messages omitted)
Now suppose one of those steps doesn't work as it should (due to malice, to a bug, to a cosmic ray, whatever) and actually processes amount Y instead. That would cause the amount X-Y to be created or deleted overall!
Hence my question: Does this happen in reality? Does money disappear or appear due to bugs in bank software?
Related, but doesn't seem to answer my question: Is it possible to steal money directly from the systems of a big bank?
Also related, but more focused on intentional attacks from outside a bank: Why don't banks get hacked?
