Interesting solution to cyber theft problem


Cyber-attacks against banks remain a huge issue in the industry, as Trojan-oriented attacks on customer accounts continue to proliferate.

Unfortunately, in the minds of some, these attacks represent a cost of doing business, as it is assumed that at some point hackers will be able to drain money from accounts. The real goal may be to reduce the success rate of attackers. In that vein, CSO raises an interesting non-technological solution: Civil litigation.

A recent federal court decision in Maine found that a small bank was liable for the losses suffered by a small-business customer, Patco, a small development and contracting firm.

Patco sued People's United "for authorizing six fraudulent withdrawals from its account in May 2009, totaling $588,851, even after the bank's security system had flagged each transaction as high-risk. The fraudulent transactions -- six over seven days -- came from a computer that had never been used before by Patco, from an IP address not recognized as from Patco, and were for amounts greater by several magnitudes than any Patco had made to third parties before. The money was going to people Patco had never before paid. The bank was able to block or recover $243,406 of that total."

An appellate court issued a surprise decision recently when it ruled the bank liable. This is almost shocking in the light of several rulings that banks should not be held responsible for the losses of business customers who were breached. Ultimately, the bank agreed to pay Patco the money lost to the hackers plus interest.

This is a tough position to be in for banks, as most breaches tend to originate at the customer-level via standard phishing and other ruses, not the bank-level. The silver lining in aggregate is that the threat of liability may prompt banks to take a new look at cyber protection they might be enable even at customers with lax security policies. On the other hand, banks may also seek specific non-indemnification clauses in contracts.

For more:
- here's the article