A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer’s online account isn’t responsible for the lost money, saying the customer should have done more to protect the account credentials. ....
The case raises questions about how much security banks and other financial institutions should be reasonably required to provide commercial customers and could set a precedent for liability in circumstances where customer systems are hacked and banking credentials are stolen. Small and medium-sized businesses around the U.S. have lost hundreds of millions of dollars in recent years to such activity, known as fraudulent ACH (Automated Clearing House) transfers.
Patco Construction Company, a family-owned business in Sanford, Maine, sued Ocean Bank, which is owned by People’s United Bank, after discovering in May 2009 that hackers were siphoning about $100,000 per day from its online bank account. The hackers had sent a malicious email to employees that allowed them to surreptitiously install the Zeus password-stealing trojan on an employee computer.
Posted by Wired says more.... at June 8, 2011 05:08 PM

In a previous item, I mention that in 95-96 there were financial industry conferences with presentations about moving consumer dialup online banking to the internet ... largely motivated by significant customer support costs for proprietary online dialup operation. At the same conferences there were presentations by commercial/cash-management dialup online banking saying that they would *NEVER* move to the internet because of a wide variety of vulnerabilities (many have since been seen). A couple of yrs ago, the feds came out with a recommendation that companies have a dedicated PC for online (internet) banking that is *NEVER* used for anything else (as a partial countermeasure to many of these vulnerabilities).
Posted by Lynn Wheeler at June 8, 2011 05:43 PM

US regulators may demand increased online banking security
http://www.out-law.com/default.aspx?page=11995&lang=en-gb
next round:
Comerica Bank ordered to pay after customer hacked
http://www.computerworld.com/s/article/9217662/Comerica_Bank_ordered_to_pay_after_customer_hacked