|
By Robert Siciliano, IDTheftSecurity.com
A Texas bank is suing one of its customers who was hit by an $800,000 online bank theft in a case that could determine who is to be held responsible for protecting their online accounts from fraud.
Computerworld reports Romanian and Italian based criminal hackers launched numerous wire transfers out of the client’s back account. The bank recovered $600,000 of the $800,000. The victim wanted all its money back and sued the bank to be reimbursed $200,000. The bank in turn filed a lawsuit requesting the bank certify it had adequate security that was considered “commercially reasonable.”
The bank doesn’t want anything more than to be absolved of the $200,000. The bank states all transfers originated from unauthorized wire transfer orders that had been placed by someone using valid Internet banking credentials belonging to the victim.
How the victim’s credentials fell into the wrong hands has not been disclosed. It seems it was the victim’s lax security as opposed to the bank’s.
There are numerous ways this can happen. What is evident is there were wire transfers of various dollar amounts ranging from $2,500 to $100,000 made to different accounts all overseas. The bases of the victim’s lawsuit are that the bank should have systems in place to detect such activity.
Small businesses and banks are losing money via attacks on their online banking accounts. It’s very simple: criminal hackers send an e-mail with a link to a malicious site or download to employees who handle their company’s bank accounts.
These malicious links then steal the username and passwords the employees use to log in to their online banking accounts. Done. So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it? At first glance some may say the victim’s, others may say the bank’s.
The fact that there are so many ways passwords can be compromised and accounts can be taken over, and banks know this, it should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.
Here is a similar story being played out. I’m a big believer in taking action and making sure my systems are secure. And the bank has some responsibility here too.
I, we the public, have limitations on what we can do to be secure. I bet anything the bank will tighten up regardless of what the outcome of the lawsuit is because they have to see there is a weakness in their system. If they don’t, they are stupid.
I’ve been trying to transfer money from one bank account to another. My bank has made it difficult to do so. Painful even. It’s a customer service and a security issue. Ultimately they provide an option to do so and it requires paperwork, online authentication, phone calls and text messages.
It’s not a matter of logging in and transferring money by entering another account. Even with my own login details I’m having a hard time transferring money.
Check to see how easy or difficult your bank makes it. Because if it’s easy peazy, that could be an issue if your PC is hacked.
Copyright © 2008 To Present · Information-Security-Resources.com
Robert Siciliano is an expert on personal security and identity theft as the CEO of IDTheftSecurity.com.
Only registered users can write comments.
Please login or register. |
