There's not really enough detail here to support either point of view. There's hacking & skimming in addition to hitting withdrawal limits. It's arguable form the article's information that implicitly trusting up to the withdrawal limit was partly to blame. I'd prefer to see some evidence that it's necessary to put this trust in place at all.
http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-...