Court Finds Bank Has No Liability for Allowing Hackers to Drain Customer’s Bank Account
0 (0)

The Internet Patrol - Patrolling the Internet for You
Rate this post!
 

A Magistrate has recommended to the Federal court in Maine that a bank (in this case Ocean Bank of Maine) has no liability, even though it allowed hackers to remove more than $500,000 from one of the bank’s customers accounts. The customer, Patco Construction, had been the victim of the Zeus trojan, which steals passwords once surreptitiously installed on a victim’s computer.

According to the recommending magistrate, the bank had met its duty by requiring a username and password, and so should have no liability. Moreover, where Patco argued that the bank was not using the “best” security practices, the bank successfully countered that not only had Patco had agreed to their security methods when they opened the account, but that the law does not require them to use the best practices (!)


Said Mark Patterson, president of PATCO Construction, “Things are not always fair, and we have to decide how long we want to fight the fight. We do feel very strongly about this issue, but how far do we want to go?”

Patco was able to recover about $230,000 of the more than $500,000 that was stolen, and sued Ocean Bank for the rest, alleging that Ocean had failed to detect or prevent the orginal fraud (which took the form of fraudulent ACH (Automated Clearing House) transfers).

Said IT security and privacy expert attorney David Navetta, “Many security law commentators, myself included, have long held that reasonable security does not mean bullet-proof security, and that companies need not be at the cutting edge of security to avoid liability. The court explicitly recognizes this concept, and I think that is a good thing: For once, the law and the security world agree on a key concept.”

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

Yet, even the court itself noted that Ocean Bank’s security was less than good. “It is apparent, in the light of hindsight, that the Bank’s security procedures in May 2009 were not optimal. The Bank would have more effectively harnessed the power of its risk- profiling system if it had conducted manual reviews in response to red flag information instead of merely causing the system to trigger challenge questions,” said the court.

But, the court further observes, “Patco in effect demands that Ocean Bank have adopted the best security procedures then available. As the Bank observes, that is not the law.”

That’s legalese for “Sucks to be them.”

 

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Rate this post!
 

3 thoughts on “Court Finds Bank Has No Liability for Allowing Hackers to Drain Customer’s Bank Account
0 (0)

  1. The bank failed in its duty to secure the client’s funds. What else is their duty?? No matter what the excuses are they failed to do their duty. If they don’t want to harbor that responsibility then get out of the business and allow others to do a better job.

  2. What about the question of Patco’s responsibility to protect their computers from virus infections? If their computers had been protected from infection, then their username and password would not have been compromised. Patco seems to suffer from the “its not my fault, someone else is to blame” syndrome.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.