Bank lawsuits expose legal confusion over cybercrime
Posted on 6th Jul 2011 by Gemalto in Corporate
In two consecutive weeks we saw headlines made by customer versus bank lawsuits relating to cybercrime.
In early June, a court in Maine ruled in favor of Ocean Bank in an ACH fraud lawsuit, saying that, “having verified IDs, passwords and requested challenge response questions, it acted in good faith by processing the ACH payments and Patco (the customer) was to blame for letting its details become compromised.” This week, however, we see a different (near opposite) ruling from a Texan judge that favored the business that had been the victim of fraud.
In the most recent case, the customer (Experi-Metal) was a victim of an apparent real-time phishing scam that resulted in almost 100 wire transfers (worth $560k) being processed after both their Comerica user credentials AND security token password were compromised. The judge stated: “A bank dealing fairly with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier.”
A few things are worth noting in these scenarios. Firstly, neither of these banks is a major financial institution – meaning attackers are looking further afield for potential victims. By targeting smaller organizations, they obviously believe that they will be more likely to find the weak link in the security chain, wherever it is. This means that every institution, large or small, should have someone (or some group) that owns security for them and takes it seriously – before they end up in the news.
Secondly, no one wins from a lawsuit like this – there is no scenario where a bank should say “we won that one!” Whether a judge decrees it or not, it is the responsibility of the institution to provide a safe banking environment for customers, period.
Thirdly, the ruling shows that our current laws do not understand, or even agree on, what should be done. One judge ruled that questions and answers were good enough to protect the customer. Then, a separate judge ruled that the bank should have detected a mere 100 wire transfers from an account after IDs, passwords, and its OTP token password were compromised.
I am no legal expert, but I feel the judge in Texas got it right, whilst his counterpart in Maine was probably basing his ruling on the fact that he has never had his credentials compromised.
Finally, it is important to note that protections that can thwart these attacks are both available and affordable. Online banking is now a critical piece of the delivery chain for banks of every size and, when a lawsuit like this happens, it calls attention to a growing problem. Coupled with recent attacks aimed at huge companies like Lockheed and Citibank, there is a real danger that customers may start to EXPECT to be compromised, and just avoid the channel entirely as a result. And that is the last thing that banks would want to happen.