Judge Sides with Bank in Lawsuit by Cyber Heist Victim
Judge Sides with Bank in Lawsuit by Cyber Heist Victim
Posted 06/09/2011 at 8:26am
| by Paul Lilly
15
Comments
Print
You put your money into the bank trusting that your banking institution's computer security safeguards will it from falling into the wrong hands. But when hackers do manage to break in and steal money from your account, should the bank be held responsible? Not according to a Maine judge who ruled in a case involving a business that sued its bank after losing $345,000 via unauthorized Automated Clearing House (ACH) transfers.
Patco Construction Company sued Ocean Bank in 2009 after hackers infiltrated the company's online account and tried to make away with $589,000 in ACH transfers, according to an IT World report. The bank managed to block $243,000, leaving Patco responsible for the remaining $345,000, plus interest charges on more than $100,000 from Patco's credit line to cover the illegal transfers.
So why doesn't the bank have to foot the bill? Plain and simple, the security breach occurred on one of Patco's computers as a result of malware. As far as the bank sees it, Patco was negligent with its online banking credentials, and that's why cyber crooks were able to steal so much money.
From Patco's perspective, the bank should have known that something fishy was going on since the illegal transfers were out of the ordinary based on the company's past transactions. Patco contends that Ocean Bank was at fault for not implementing stronger authentication schemes, like token-based authentication and out-of-band verification.
"Alarms were going off all over the place, but the unfortunate part is that the bank was not watching them," said Mark Patterson, a co-owner of Patco. "It's not their problem. They're not responsible for security."
In a 70-page ruling, Magistrate Judge John Rich sided with Ocean Bank and rejected Patco's claims that it wasn't at fault. The judge did say that Ocean Bank could have done more to authenticate the identity of those involved in the illegal transfers, but ultimately Patco was to blame.
More like this
15
Comments
Comments are closed on this article
altheamaeB
June 13, 2011 at 1:44am
Regardless of internet account burglary in excess of $300,000, a Maine judge has decided that the financial institution that was aware of the theft is not accountable for the money. BankInfoSecurity reports the judge told the plaintiff that they needed to have done a more satisfactory job of keeping their own account information secure.
Wingzero_x
June 11, 2011 at 2:13am
Well then I guess ultimately Microsoft is responsible, after all they are the ones that have kept a producing/ and selling a operating system that is far too easy to break. And what if the computer had anti-virus installed and updated?
Sorry, but I feel the bank is responsible here, and I can't really see how anybody could say otherwise. Would you say the same thing if somebody wiped out your savings, because some hacker found a back door through the latest Flash player? After all we put our money in banks for the security, and many times we have no choice in the matter, as direct deposit is forced upon us. The bank should have had safeguards in place to see suspious activity, and by federal law any transactions over $3000 should have threw up red flags anyway.
But ultimately this doesn't suprise me a judge would side with a bank. As many politicians are bankers, and even some judges are bankers, and as the TARP showed us they could careless about the blue collar workers in this country!
Tekzel
June 10, 2011 at 6:05am
My take: The bank's security and monitoring should be investigated, if found lacking they should SHARE responsibility (to a certain %, definitely not more than 50) with the client. If their security and monitoring are found to be adequate, then it's 100% the client's fault.
It's a hard lesson to learn, but maybe they will learn that you don't do your general surfing / facebookery on the same machine that you do your financials on in a business.
jonnyohio
June 09, 2011 at 5:19pm
1 he had all that in one bank account? Stupid mistake one. 2 he didnt check his account for how many days? No bank i deal with would let me transfer that much in a short time. Not keeping an eye on an account like that ...stupid mistake 2. 3. Not having virus and malware protection and half a mill in the bank....biggest stupid mistake of all time. A fool and his money soon part...the only one that should lose out is the fool. The judge was right. But if I were him Id find a better bank. Most banks have things in place to protect people against their own foolishness...yeah that bank sucks but it doesnt make them liable in this situation.
MrBlueCheese
June 09, 2011 at 9:15pm
1) Having all that money in one bank is not stupid. I bet you there are tons of millionares that put all of their money into a single bank. The bank should have done more.
2) Even if he checked it every single day (which is what some people do) it would have been a day late and a dollar short in the transfer.
3) Who says you can't get malware even if you have anti-virus protection? You can still get a virus/worm/malware even with a top of the line security system.
4) Assuming certain facts, now that's a mistake.
Not sure what i feel about the judge's opinion, but i sure know that the person who's responsbile for that mistake is going to regret it.
JohnnyCNote
June 09, 2011 at 1:16pm
So first we give rich types like bankers a nearly negative tax rate, then stack the legal deck in their favor. Now they can say anything they don't want to pay isn't their responsibility and, chances are, the judge will rule in their favor. What happens when nearly all the wealth in the US is held by a tiny minority, and everyone else has nothing? I used to think the idea of the US becoming like a third world county was too absurd to ever take seriously. Now I'm having to thoroughly rethink those ideas . . .
MrBlueCheese
June 09, 2011 at 9:17pm
"What happens when nearly all the wealth in the US is held by a tiny minority,"
I'm sorry to say this, but that's already happened.
10% of the population owns 85% of the wealth (in the US).
Ghok
June 09, 2011 at 12:45pm
While I don't think the theft sounds like it's the banks fault, they certainly don't sound like a very good company to bank with.
Keith E. Whisman
June 09, 2011 at 11:19am
This pretty much tells banks they can steal your money and not have to own up to it. They aren't responsible for what happens to your money once they have it. That is screwed up. So this is kinda like a day care provider not being responsible for your children while they are in their care. So what this judge is saying is that the bank can't be held responsible for account activity. They can drain your account and say we don't know what happened but we aren't responsible for your money and because of this precident they will win. This sucks. That judge had to have taken a pay off of some sort.
blkpanthr
June 09, 2011 at 11:29am
Keith, i think you mis-read the article.
The actual company workstation was hacked with maware, not the bank.
It it the Companies fault for not properly securing the workstation which was used.
I agree with this decision.
You cant hold the bank responsible for poor security practices of a customer.
If you get robbed becaue you left your key under the doormat, is it the contractor who built your house fault?
Keith E. Whisman
June 09, 2011 at 11:35am
Your right, I only read that first paragraph before the jump. I shoulda read the whole article. I just don't have enough time in the day to read everything anymore. My bad. Thanks for pointing that out. I'll leave it unedited to show what happens when you don't read everything.
whiplash55
June 09, 2011 at 10:52am
Contact your bank and brokerages if you have them and tell them you want to disallow wire transfers. If they won't comply do your banking elsewhere.
TechLarry
June 09, 2011 at 10:20am
This is one seriously hosed up decision. I hope it gets over-turned, or we are all farked.
wolfing
June 09, 2011 at 9:51am
I'd side with the bank too. Sure, they *could* have had more measures to have detected this earlier, but ultimately, it's not their fault that it happened. The bank could still pay in terms of lost customers, as people that know about this might leave the bank for others with better safeguard mechanisms, but as far as where the blame lies, it's clearly in the customer's side in this case.
Eoraptor
June 09, 2011 at 8:46am
Sounds like they are both at fault here. but sadly, the judge is responsible for determining "a winner" not actually making a good decision.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy1 day 16 hours ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj1 day 16 hours ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E3 days 13 hours ago
