Slashdot Mirror

← Back to Stories (view on slashdot.org)

Who's Really Responsible In Online Banking Fraud?

Posted by timothy on from the firefox-did-it dept.

TheRealStyro writes "According to this article a Miami businessman is suing a bank because of a fraudulent fund transfer possibly caused by the coreflood virus/trojan. He claims the bank is responsible because the bank failed to protect him from known online banking risks. It is obvious that this guy should have had an anti-virus package active, but shouldn't the bank have questioned such a large transfer to a republic of the former Soviet Union (these republics having gained the unfortunate notoriety of being dens of villainy and hackerdom)?"

9 of 463 comments (clear)

  1. Banks should not allow funds to be transferred... by DoorFrame · · Score: 4, Interesting

    I went to my bank the other day to see if I could put a hold on all transfers of money coming out of my account with the exception of those going to two (and only two) credit card companies. Specifically I wanted to block all money going OUT to my paypal account (I only use the account to receive funds). They said they were not able to stop companies from transferring money out of my account if they had the proper information to do so.

    What the hell?

    Why not demand pre-verfication on this sort of thing? Why not give the option to request a phone call confirmation of fund transfers, especially when the funds aren't simply going to Visa or the gas company? Or just allow me to set up a list of comanies/websites that are permitted to transfer funds out of my account. There's no reason the banks can't set this up, it's not very difficult. If anyone knows of a national bank that has an option for something like this, I'd be glad to hear about it.

    Bank of America does not.

    --

    --
    RumorsDaily
  2. Antivirus software by ecalkin · · Score: 3, Interesting

    might have detected Coreflood. I went to symantec and their AV seems to know about it (and several variants), so in *theory*, it would have been caught/removed.

    Coreflood seems to allow remote access, so a *firewall* might have helped.

    now, the *real* question: If it was indeed coreflood, did someone (a real person) surf his files looking for account info, did all (most, alot, ect) of his files get downloaded, or did coreflood have enough smarts to look for the account info.

    I can't see how this is the fault of his bank except that maybe 'fraud detection' didn't work too well, but I don't know what it looks for. I see idiots like this guy all the time. 'No I don't want to pay for Antiviral, Antispyware, Firewall, Backups, etc'

    eric

  3. Cooling Off For New Transfer Destinations by Boricle · · Score: 5, Interesting
    Here in Australia, one of my financial institutions have recently changed their transfer policies so that transfers to a new destination (ie, one that you have not already transferred to) are "held" for 48 hours before the transfer completes (compared to overnight for regular transfers).

    I believe that this is to facilitate a few things, such as:

    * Easier to rollback "Oops, Wrong Account Number" problems.
    * Easier to prevent the channelling of money to accounts from pishing victims (rough guess, if destination account is receiving several transfers in 24 hours, then raise red flag).

    Of course, the cynical side of me thinks that its just an excuse for the bank to use the money on the short term money market for an extra 24 hours. ;)

    Boris.

  4. No by temojen · · Score: 4, Interesting
    I'm betting if the Bank had called him questioning the transfer the story would be is the bank violating his privacy rights by questioning transfers.

    Phoning someone and asking them if they really did make a transfer is not an invasion of privacy as the customer should already know about it, and the bank definitely does.

    I've gotten this kind of call before, and I'm glad of it... In my case though, I really had made a withdrawl in one city, then a $2000 interac purchase in annother city 2 hours later, then another interac transaction a few hours later in the first city.

  5. Re:Banks should not allow funds to be transferred. by Znork · · Score: 4, Interesting

    Any online bank that doesnt use offline one-time keys as transaction verification is insecure and vulnerable to client computer hacking.

    The technology to solve the problem is available, and many banks use it, so frankly I'd say any bank which does not offer such an option should be held at least partially responsible for losses incurred through lax security policies.

  6. What happened to BofA $0 Liability? by mjh · · Score: 5, Interesting
    This guy's bank is Bank of America. Here's a notable quote from the BofA Website:
    $0 liability

    With our Online Banking service, you can be confident that your Bank of America accounts will be secure and protected. We guarantee $0 liability for any unauthorized activity originating from Online Banking, including Bill Payment. Read Your Responsibilities for information about reporting unauthorized transactions to preserve your rights under this guarantee.

    Unless I'm missing it, I don't see anywhere that it says the customer is responsible for running virus protection. Is there some reason that I'm missing as to why this very public guarantee does not apply?
    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  7. There is a difference by cOdEgUru · · Score: 4, Interesting

    An ATM limits you by preventing the amount you can withdraw from the account (upto 300).

    A Wire transfer of 90,000 to a country which is known in Financial circles to be a haven to cybercriminals should have sent up some flags.

    Heck, I spent over a grand on a credit card transaction, Discover used to call me up and "harass" me. Why? Because they stand to lose money if its a fraudulent transaction.

    Why didnt BOA do the same? Coz it aint their money? Safeguards are only built in when its your ass on the line.

    --
    Rapid Nirvana
  8. Re:PayPal by LadyLucky · · Score: 5, Interesting
    You can actually listen to this happen. Someone recorded their conversation with them. Read about it here:

    http://paypal.ctyme.com/paypal/paypalsucks.htm

    The best bit is how PayPal allows you to record their conversations :-)

    --
    dominionrd.blogspot.com - Restaurants on
  9. fscking BoA... by quarkscat · · Score: 3, Interesting

    Preface:
    Ever since 9/11/2001, the states have taken
    some righteous blame for the ease with which
    fraudulent driver's licenses have been issued.
    Here in the Commonwealth of Virginia, the DMV
    (Dept. of Motor Vehicles) now requires proof
    of occupancy in the state before issuing new
    driver's licenses.

    Tale of BoA Ineptness:
    I was surprised to find correspondence from
    BoA in my mailbox addressed to a person I do
    not know, and who has never lived at my street
    address. It appeared to contain a booklet of
    either "starter" checks or else a loan payment
    book. Within days, a second package arrived
    that was just like the first one. I returned
    both back to my local US Post Office with the
    complaint that the party that the mail was
    addressed to did not reside at my home. With
    typical USPS aplomb, this mail was re-delivered
    to me. (WTF?)

    In the same mail, yet another letter from BoA
    arrived. By the feel of it, it contained a
    credit card, debit card, or ATM card. I wrote
    a letter of explanation and complaint and then
    mailed the entire lot back to BoA's originating
    address. No news back from BoA. Then 2 weeks
    later, a CS letter and another "credit/debit/ATM"
    card arrived, from Dallas, TX this time instead
    of Houston, TX. Again, I wrote a second letter
    of explanation and complaint to BoA's 2nd
    originating address, along with the new letters
    addressed to my phantom room mate. No news
    back from BoA -- no letter, email, or phone call.
    The next correspondence that I received from
    BoA was their CS department in North Carolina.
    I sent yet another cover letter to BoA, along
    with their latest correspondence. BoA never,
    ever tried to contact me (no thanks, let alone
    any mere acknowledgement of receipt).

    The final letter I received from them came
    nearly a month later, also from BoA CS, also
    addressed to my phantom room mate. My last
    cover letter back with their CS letter was,
    shall we say, somewhat rude. Nonetheless,
    perhaps it was my rudeness that actually got
    some attention from these flaming idiots.

    Identity theft has been (IMHO) partially
    usurped by "Address Theft" in an attempt
    by illegal aliens to establish residency
    required to obtain driver's licenses. I would
    advise readers of this prose to never leave
    mail out for pickup by the postman -- drop
    outgoing mail at the post office or postal box.
    Also, it wouldn't be a bad idea to purchase
    a secure (approved) mailbox for your mail.
    Times have changed, and not for the better.

    My personal opinion of BoA dropped into the
    basement with this exchange of correspondence,
    and with BoA's totally clueless behavior. I
    wouldn't do business with this bunch of clowns,
    ever, any more than I would respond to an urgent
    "419" letter from Nigeria.