Slashdot Mirror

← Back to Stories (view on slashdot.org)

Who's Really Responsible In Online Banking Fraud?

Posted by timothy on from the firefox-did-it dept.

TheRealStyro writes "According to this article a Miami businessman is suing a bank because of a fraudulent fund transfer possibly caused by the coreflood virus/trojan. He claims the bank is responsible because the bank failed to protect him from known online banking risks. It is obvious that this guy should have had an anti-virus package active, but shouldn't the bank have questioned such a large transfer to a republic of the former Soviet Union (these republics having gained the unfortunate notoriety of being dens of villainy and hackerdom)?"

11 of 463 comments (clear)

  1. Those damn monkeys! by Rodrin · · Score: 5, Funny

    I told you not to lock them in a room with computers. This is EXACTLY what I said would happen. *shrugs and walks off*

    --
    FuckTheFuckingFuckers.com - Post your th
  2. Looks like... by jez9999 · · Score: 5, Funny

    ... Slashdot is making a bold new move in its use of story formatting.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
  3. wtf? "villainy and hackerdom"? by Doomie · · Score: 5, Informative

    Have you people ever been to Latvia (the country in question)? It is by no means a country of "villainy and hackerdom", it is a member of the European Union, for God's sake! I sometimes have the feeling that many /. readers are still in the Cold War era with their mindsets. Even the article mentions how Latvia is "known" for its "cybercriminals" (and Latvia, mind you, is a very small country, compared to behemoths like Russia or Ukraine, where the real bulk of "cybercriminals" from the ex-USSR resides).

    PS: And, yes, if you're wondering, I come from one of those "notorious" ex-URSS republics (Moldova to be more precise).

    --
    Doomie
    1. Re:wtf? "villainy and hackerdom"? by Doomie · · Score: 5, Insightful

      If you want to change the reputation these countries have, maybe you should encourage their government to take out the garbage and promote their strengths.

      I think that you still didn't get my point -- Latvia is in the EU and is not, therefore, marred by rampant corruption or a careless government. Other ex-URSS countries -- Ukraine, Moldova, Russia, Belarus -- and so on have a loooong way until they reach the standards of Latvia (or the Baltic countries in general) in terms of quality of life, (lack of) corruption, etc. To be fair, Latvia has a long way until reaching the standards of the Scandinavian countries, for instance, but that's another discussion.

      What I was "protesting" against is simply the automatic labeling of all possible "dens" for "cybercriminals" as such. Some countries are different than what your local newspaper -- or ignorance -- might imply.

      --
      Doomie
  4. Strong Authentication by markus_baertschi · · Score: 5, Insightful

    Over here in Switzerland all banks use a strong authentication scheme to make sure only the owner of an account can get in. My UBS account has a challenge/response system (needs a special calculator and account-specific chipcard). My two other banks use a one-time pad where the same code is only valid for a single login. When the old pad is almost finished they just send a new one.

    Simple passwords are just not safe enough on the internet. Unfortunately in the real world the real joe user is just not able to make absolutely sure that no cheating is going on.

    The banks should at least take a part of the blame if they are too lazy to implement something safe.

    Markus

  5. Cooling Off For New Transfer Destinations by Boricle · · Score: 5, Interesting
    Here in Australia, one of my financial institutions have recently changed their transfer policies so that transfers to a new destination (ie, one that you have not already transferred to) are "held" for 48 hours before the transfer completes (compared to overnight for regular transfers).

    I believe that this is to facilitate a few things, such as:

    * Easier to rollback "Oops, Wrong Account Number" problems.
    * Easier to prevent the channelling of money to accounts from pishing victims (rough guess, if destination account is receiving several transfers in 24 hours, then raise red flag).

    Of course, the cynical side of me thinks that its just an excuse for the bank to use the money on the short term money market for an extra 24 hours. ;)

    Boris.

  6. What happened to BofA $0 Liability? by mjh · · Score: 5, Interesting
    This guy's bank is Bank of America. Here's a notable quote from the BofA Website:
    $0 liability

    With our Online Banking service, you can be confident that your Bank of America accounts will be secure and protected. We guarantee $0 liability for any unauthorized activity originating from Online Banking, including Bill Payment. Read Your Responsibilities for information about reporting unauthorized transactions to preserve your rights under this guarantee.

    Unless I'm missing it, I don't see anywhere that it says the customer is responsible for running virus protection. Is there some reason that I'm missing as to why this very public guarantee does not apply?
    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  7. Re:Banks should not allow funds to be transferred. by cosmic_0x526179 · · Score: 5, Informative
    You are confusing two different systems here...

    The electronic payments within the US (possibly CA also) are handled via a system called ACH (automated clearing house). With ACH they could indeed hit your account such as that. But the ability to inject ACH debits usually requires a cooperating bank in the US (who recognizes the organization generating the electronic debits). Typical examples are mortgage payments, insurance companies and PayPal.

    For foreign transfers (such as the one talked about here), this most likely happened via SWIFT-wire. With SWIFT-wire I do not believe it is possible to pull money (i.e. via an electronic debit). The transfer has to be pushed from the sender. So my guess would be that the cybercrook here gained access to the computer (owned by the person who lost the 90K) and faked an online transfer request. Maybe the guy has always on DSL or cable and leaves his system powered up 24/7.

    At least thats my perception of what happened here. In the case of ACH fraud, I think the FBI could come down hard on the receiving bank, and who ever generated the fraudulant debits. With SWIFT-wire, its a whole different set of rules when crossing national boundries.

    --
    This msg is brought to you by the letter 'W'.. for Worthless Wuss
  8. Re:PayPal by LadyLucky · · Score: 5, Interesting
    You can actually listen to this happen. Someone recorded their conversation with them. Read about it here:

    http://paypal.ctyme.com/paypal/paypalsucks.htm

    The best bit is how PayPal allows you to record their conversations :-)

    --
    dominionrd.blogspot.com - Restaurants on
  9. Re:There is a difference by Too+Much+Noise · · Score: 5, Insightful

    Ok let me get this straight. If I transfer 90,000 to my business partner in Soviet Russia, then the bank will call the police, brand me a terrorist and throw me in jail.

    No, the bank should contact you to additionally validate the transaction if it might appear suspect - especially for this kind of money. After all, you must have given them a valid contact point, did you not?

  10. Re:Wrong on almost all counts by WarPresident · · Score: 5, Informative

    I'm not saying Paypal is without problems. Clearly they have their share. But at least make some kind of minor effort to get your facts straight.

    Yes, of course... Paypal would never wrongfully suspend accounts!

    MSNBC Article fragment:
    Millions of PayPal users received an e-mail this week offering them a chance to receive a little money just for filling out an online form -- and for once, the e-mail wasn't a fake.

    The notice tells PayPal customers that they may be eligible to receive payment as part of a class-action lawsuit settlement the eBay-owned Web signed last month. The suit alleged that, beginning in 1999, PayPal unfairly froze thousands of user accounts, preventing consumers from getting access to their money.

    In the settlement, PayPal agreed to set aside $9.25 million to compensate users who feel they were treated unfairly. The company admits no wrongdoing.

    The last time I used Paypal, there was no easy, or even relatively hard to find published number to reach anyone. From Paypalsucks.com (wielding an axe to grind):

    PayPal has so many unhappy customers, that they make it very difficult to find and use their telephone system for support. You have to ask yourself just what kind of company has such a huge service load that it has to resort to such tactics. You should also know that PayPal's hiding of it's phone number and deleting customer's emails was one of the principle issues why they agreed to pay $9.1million dollars to settle the class auction lawsuit brought on EFTA (Electronic Funds Transfer Act) violations.

    I also recall there was a WSJ or NYT interview with the founder of Paypal and he touted the limited ability of people to contact the company as a cost saving benefit.

    If you don't think I'm stating the facts, look at my moniker. These are known facts! Besides, I was shooting for funny.

    --
    Here come da fudge!