Archive for June 2011


COURT FINDS BANK LIABLE IN CYBERTHEFT

Wednesday, June 22nd, 2011

Internet Banking Theft

In a potential watershed case, A Michigan court has found Dallas-based Comerica Bank liable for over half a million dollars in fraudulent wire transfers executed by cyberthieves.

The thieves used stolen electronic banking credentials to wire over $1.9 million out of the accounts of Experi-Metal Inc., a custom metals shop that sells stamped parts to the automotive industry. The bank was able to reverse or otherwise recover $1.34 million from the fraudulent transfers, leaving Experi-Metal with a loss of over $560,000.

Unlike other cases of this type heretofore, the judge has found the bank to be liable for the unrecovered fraudulent transfers, but for reasons not pertaining to the level of their electronic banking security technology. In this case, 97 individual wire transfers were made within a five-hour period, many to bank accounts in Russia and Estonia. The basis of the judges ruling was that the bank had failed to deal with its customer in “good faith”, saying, “A bank dealing fairly with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier.” You may read the judge’s entire opinion here.

Though the judge has yet to determine how much Comerica will have to pay, the case has raised eyebrows within the cyberlaw community because of its potential to set a very important precedent. If the ruling stands on appeal, banks will almost certainly act strongly to limit as much as possible their liability in such cases.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications between banks and their clients, and insure against losses from cybercrime of any kind.

Tags: , , ,
Posted in Banking Industry, Computer Crime | No Comments »


COURTS FAVORING BANKS IN CYBERCRIME LAWSUITS

Wednesday, June 8th, 2011

cyberjustice

In one of several closely watched cases around the country, a district court in Maine has received a recommendation from a magistrate that, if adopted, will make it more difficult for businesses who are victims of on-line banking cybercrime to sue their bank for having inadequate electronic security measures.

Patco Construction Co. of Sanford, Maine was hit by cyberthieves for $588,000 in fraudulent wire transfers after those thieves stole the company’s online banking credentials using a “Trojan horse” malware application. Ocean Bank successfully blocked or reversed over $243,000 of the fraudulent transfers, but Patco’s net loss was still over $345,000. The bank then took most of the remaining money in Patco’s account to cover the unmitigated fraudulent transfers.

Patco sued the bank for providing inadequate security measures for its on-line banking services, which allowed thieves to access Patco’s accounts using little more than a username and password.

The magistrate’s recommendation to the court, received on May 27, 2011, would deny Patco’s motion for a summary judgment in their favor. Such a ruling would give tacit approval to the notion that username/password security (also known in the industry as “two-factor security”) is legally adequate to protect banks from losses when their online banking systems are breached.

To learn more about the critical differences between two-factor and three-factor security, click here.

To learn more about the Patco vs. Ocean Bank case, click here.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications between banks and their clients, and insure against losses from cybercrime of any kind.

Tags: , , , ,
Posted in Banking Industry, Computer Crime | No Comments »