Bank Not Responsible for Letting Hackers Steal $300K From Customer
[quote=Gizmodo]
A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer's online account isn't responsible for the lost money, saying the customer should have done more to protect the account credentials.
Magistrate Judge John Rich sided with Ocean Bank in recommending that the U.S. District Court in Maine grant the bank's motions for a summary dismissal of a complaint filed by Patco Construction Company. The ruling was reported Monday by BankInfoSecurity.
The case raises questions about how much security banks and other financial institutions may be reasonably required to provide commercial customers. It could set a precedent for liability in circumstances where customer systems are hacked and banking credentials are stolen. Small and medium-sized businesses around the United States have lost hundreds of millions of dollars in recent years to such activity, known as fraudulent ACH (Automated Clearing House) transfers.
Patco Construction Company, a family-owned business in Sanford, Maine, sued Ocean Bank, which is owned by People's United Bank, after discovering in May 2009 that hackers were siphoning about $100,000 per day from its online bank account. The hackers had sent a malicious e-mail to employees that allowed them to surreptitiously install the Zeus password-stealing trojan on an employee computer.
After obtaining Patco's banking credentials and waiting for its account to fill up with money, the hackers used the credentials to initiate a series of electronic money transfers. Nearly $600,000 worth of transfers were made out of the account before Patco realized it had been hacked.
Ocean Bank, after being notified of the fraud, was able to block about $240,000 in transfers. But Patco was unable to retrieve the rest.
Patco sued the bank for failing to notice the fraudulent activity and stop it. According to Patco, the out-of-character transactions triggered alarms inside the bank, but the bank didn't notice them and let the transfers go through. Patco also accused the bank of failing to implement "best" security practices of requiring customers to use multifactor authentication.
Ocean maintained that it had done its due diligence in verifying that the ID and password used were authentic.
Judge Rich agreed that Ocean Bank could have done more to authenticate that the person initiating the transfers was indeed an authorized party.
"It is apparent, in the light of hindsight, that the Bank's security procedures in May 2009 were not optimal," he wrote in his ruling. "The Bank would have more effectively harnessed the power of its risk-profiling system, if it had conducted manual reviews in response to red flag information instead of merely causing the system to trigger challenge questions."
But he nonetheless concluded that the law does not require the bank to implement the "best" security measures available, and that the bank is clear to customers when they sign up about the level of security it provides and the amount of liability it will assume if money is stolen from a customer account. The judge also noted that Ocean's level of security was comparable to that offered by other banks. Ultimately, he determined that Patco was responsible for the loss, because it had not better secured its account credentials.
Patco is not the first company to sue its bank over fraudulent money transfers. Experi-Metal sued its bank, Comerica, in 2009 after losing more than $550,000 in fraudulent wire transfers. Other cases are wending their way through courts around the country.
The FBI announced last October that it had managed to disrupt a multinational cybertheft ring involving fraudulent ACH transfers. The thieves, using the Zeus malware, targeted small and medium-sized businesses, municipalities, churches and individuals. The scammers were able to steal more than $70 million from victims.
[/quote]
Source:
[url]http://gizmodo.com/5810293/bank-not-responsible-for-letting-hackers-steal-300k-from-customer[/url]
Wow, how could you.
[QUOTE=Ignhelper;30380154]According to Patco, the out-of-character transactions triggered alarms inside the bank, but the bank didn't notice them and let the transfers go through.[/QUOTE]
:colbert:
[QUOTE=Zero Ziat;30380746]:colbert:[/QUOTE]
Oh hey, we have red flags.
Pfft, ignore them. Not [I]our[/I] problem. We already have dosh.
[quote]According to Patco, the out-of-character transactions triggered alarms inside the bank, but the bank didn't notice them and let the transfers go through.[/quote]
IT'S A CONSPIRACY!!!! The bank was working with the hackers in a Mission Impossible type hack job to steal money from one of its investors!!
THEY ARE GENIUSES!
Yeah this just reeks of corruption at the top. Someone paid off this judge or something.
yeah some guys stole money out of my bank and the bank held me responsible for it too so i fought it all the way to the top and the assholes wouldn't budge.
long story short, fuck debt collectors :smug:
Supreme Court time bitches!
Who keeps 600k in an online account?
[QUOTE=crackberry;30384787]Who keeps 600k in an online account?[/QUOTE]
Then where else? In their wallets? I don't think their wallets can even fit, unless it's a sack.
[QUOTE=aznz888;30382259]Yeah this just reeks of corruption at the top. Someone paid off this judge or something.[/QUOTE]
Maybe it was the bank?
[QUOTE=Ignhelper;30385094]Then where else? In their wallets? I don't think their wallets can even fit, unless it's a sack.[/QUOTE]
I keep mine in a super secret vault behind my LCD TV.
[QUOTE=JinkoMK;30395118]I keep mine in a super secret vault behind my LCD TV.[/QUOTE]
Not so secret anymore, hmm?
I wonder how much the judge was bribed to make that ruling.
[QUOTE=JinkoMK;30395118]I keep mine in a super secret vault behind my LCD TV.[/QUOTE]
If someone steals your LCD TV, they'll see the vault. :colbert:
[editline]11th June 2011[/editline]
Robbers steal TVs.
[QUOTE=Zero Ziat;30396599]If someone steals your LCD TV, they'll see the vault. :colbert:
[editline]11th June 2011[/editline]
Robbers steal TVs.[/QUOTE]
Vault was the key word.
[B][quote]A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer's online account isn't responsible for the lost money, saying the customer should have done more to protect the account credentials.[/quote]
[img]http://dl.dropbox.com/u/713667/New%20folder/1273432907347.png[/img]
[/B]Bullshit they're not responsible. So a Bank's suddenly not liable for having lax and shit security?
[quote]According to Patco, the out-of-character transactions triggered alarms inside the bank, but the bank didn't notice them and let the transfers go through.[/quote]
So, uhm, how exactly does he know this?
or is this bank about as secure as a fundamentalist christian in Iran
[QUOTE=JinkoMK;30395118]I keep mine in a super secret vault behind my LCD TV.[/QUOTE]
That's stupid, you'd see it the moment you picked up the tv
Nobody ever checks under the mattress. I'm more safe than all of you.
I can't even read the OP, it just makes my blood boil