Korean Banks Forced to Compensate Hacking Victims
An anonymous reader writes "A brief story over on Finextra reveals that the Korean government is introducing new legislation that will force banks to compensate customers who have been victimized by identity theft even if the banks are not directly responsible. This action obviously will not stem identity theft but the hope is that this will push banks into security improvements that will make identity theft much harder."
FTA: "Under the new legislation customers will still be required to implement safety measures and won't be compensated for losses incurred from online scams if they are careless with card details, PINS and passwords." (emphasis mine)
There's 50% of it right there.
I'm not trolling here, I have a question:
Does using Windows constitute being careless? How about using unpatched Windows? How about using Windows without malware scanners installed?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
While I was working for Harvard Law School, the Secret Service came and spoke to the different IT communities at Harvard. What they came to tell us was that if there was any security breach, they would help us minimize the damages and then went through their plan on how to do that. The plan was essentially to not scare the public, not tell anyone, and hide as much of the damage as possible and try to recover. That basically does nothing for anyone interested in *actually* knowing how safe they are.
Kudos to Korea for having the balls to blame the people leaving the doors to security breaches WIDE open.
Reality is nothing but a collective hunch.
The banks will use the new rules as an excuse to require Trusted Computing [or other restricted hardware/software] for home users, which in practice will mean some form of MS Windows. No MacOS, no Linux, no BSD, etc.
Sounds like you're talking about RSA's SecurID products.
These things are expensive to purchase and deploy. Who's gonna foot that bill? Just the users who can't get the hang of responsible computing... or all of us?
Besides, SecurID does have its flaws... no panacea here.
____
~ |rip/\/\aster /\/\onkey
Imagine if you owned a ski resort operation and you just dropped twenty mil on a souped-up chair lift. As the lift company advised, you hired people to do regular examinations and keep it lubed up. Then one day the stress of a chair switching from the slow loading track to the high-speed main line caused the cable to snap, killing dozens of people, including lots of pregnant women carrying pandas. Checking the line integrity was not on the company-issued checklists of the maintainers you hired but the chair lift company said they'll have a look at it every six months to run stress tests themselves and they found a problem that seemed small enough not to bother fixing. The chairlift company, hopefully insured, ought to be the ones exposed to liability, and this Korean bank incident should be no different. The software company (assuming it's not Debian (in which case this wouldn't have happened anyway)) should be the ones absorbing the heat. That may not be the law, but it strikes me as common sense.
Amen brother. Just a rant, but to shed some light on the current computing environment in SK, SK gov checks the speed of the internet connection randomly and requires full refund to all the customers if it isn't as fast as advertised.
Yes, gov stepping into corporate arena is a bad thing, but it seems to be keeping their Starcraft players happy enough.
I may be wrong but I believe this is covered for every bank in Canada, is it not? I had my card double swiped and my bank account emptied (along with 50,000 other people in Vancouver I believe). I had the money back in my account within 2 weeks. All money in a bank is insured, just like your credit card is insured. What's the difference between this and a robber stealing money from a bank?