Bank not Responsible for letting Hackers steal $300K from Customer

Discussion in 'privacy problems' started by Dermot7, Jun 7, 2011.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    "A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer’s online account isn’t responsible for the lost money, saying the customer should have done more to protect the account credentials." :

    http://www.wired.com/threatlevel/2011/06/bank-ach-theft/
     
  2. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    From the link,
     
  3. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    For those with nothing better to do, the 70-page order is here:
    -http://docs.ismgcorp.com/files/external/Order-MSJ-052811.pdf-
     
  4. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    And here's a lawyer's POV:
    from here:
    -http://www.bankinfosecurity.com/articles.php?art_id=3705

    There's also a bit about whether the bank's security truly used multifactor authentication.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not a big deal. Banks also aren't responsible when you get mugged. Banks also aren't responsible when they get robbed (their money is insured and will be replaced.) Banks also aren't responsible for identity theft.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Seems like banks, & especially THE Bankers are not responsible for anything these days :thumbd:

    Of course THE Bankers were/are not responsible for the worldwide financial mess THEY create, & we are in right now, & have been for over 3 years, & getting worse Every day. Oh no that Them, must have been "Some" other people then :rolleyes:
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    What's going to be done about the hacker?
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I find this rather strange. I spoke to my bank some time ago about this type of scenario: stolen user ID and password. I was told that setting up a transfer account requires other authentication (I won't go into it) and no way could an unauthorized person just push buttons to transfer money to his/her own destination.

    I'm going to show this article to my bank and get further clarification on how something like this could or could not (hopefully could not) happen to me and my bank!

    Of course, Patco should be taken to task for not having security in place to prevent Zeus trojans from surreptitiously installing!
    If I were the company CEO I would fire the System Administrator!


    regards,

    -rich
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    My bank uses a user name n password for login. login needs a virtual keyboard rather than actual keyboard. Login is two step. First step u put user name and password. Then they send a special code on ur cell phone no( ur own cell phone registered with ur bank), in 2nd step u enter this special code and only then u can access ur account.

    For transactions, first u make the transaction, then u call the bank and identify urself and tell them u have made a transaction like this n this, they will verify and then complete the transaction.

    Bill payments etc don,t need such phone calls though.
     
  10. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    In my case, I have two passwords. On is enough if I'm just viewing my account. The second has to be entered if I'm doing a transaction. If it's not a utility bill payment or to a predesignated payee, I'm sent a code by SMS which I have to enter.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, I just forgot to mention that I have a 2nd password too that I need to enter to confirm any transaction, bill payment etc.
     
  12. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There are definitely standards...
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Don't put all your eggs in one basket. :D
     
  15. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Like people agree on which is the best / safest
    browser
    firewall
    AV
    linkscanner
    etc

    Forgot to mention OS
     
  16. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    They are responsible if someone comes in and physically robs them. How is this different? I thought that is what FDIC was for.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Because if I walk into a bank, type in my pin code, walk away and someone steals my money they aren't responsible.

    Just because the money is stolen doesn't make it the banks responsibility.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There are well defined security standards and it has nothing to do with anything you've mentioned.
     
  19. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    If they had poor security it is their fault imo.
     
  20. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    The problem is so widespread (Brian Krebs has been following it for a while, just browse through: http://krebsonsecurity.com/category/smallbizvictims/ ) that it indicates that there is an endemic security problem with the system. Windows is not secure (sorry, it's true, every single case of this was a Windows box), and it should be the banks responsibility as the central point in this system to utilize a higher level of security than they do at present. But since that costs money, as long as they are not held liable there is no incentive for them to do so.
     
  21. bufoAlvarius

    bufoAlvarius Registered Member

    Joined:
    Jun 15, 2011
    Posts:
    1
    Whose money? If I loan you $100, that $100 becomes your money. If you get mugged, that does not wipe out your debt with me. You still owe me. How well you protected your $100, and how diligent your security was is not my concern, because that money was your property while it was in your possession.

    If I deposit $100, the $100 is the banks money (because they can invest some of it to help pay their expenses - they are not literally holding cash equal to all clients account values). At that point the bank has $100, I have zero, but the bank owes me $100. If the bank gets mugged, I still expect them to pay their debt to me.

    If you think otherwise, suppose Peter, Paul, and Patrick each deposit $150, $200, and $500, respectively. Then the bank is robbed for $123.46. Who do you think lost what amount? Can the bank just say, sorry Peter, that was your $123.46 that got stolen.. Paul and Patrick are lucky.
     
  22. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    What about those blokes who had the $1000 transfer to their account link hidden on the banks website?
     
  23. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  24. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Can't understand why people do banking from within a browser. I mean do you see any bank atms directly connected to the internet or any of they're networks that contains their databases? i will never do internet banking. I get in my car and drive to the bank or go to the closest atm. I love my lil bit of money I got left too much
     
  25. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Some of us live a bit to far away to get in the car and drive to the bank. ;)

    Now I do drive to my local bank, but I do have accounts on the other side of the big pond. :)
     
Loading...
Thread Status:
Not open for further replies.