Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken

from the i've-still-got-my-identity dept

Last month, we posted an amusing discussion (and comedy act) concerning whether "identity theft" is really a crime at all, or whether it is really a bank robbery in which the bank passes off the liability for its poor authentication system onto the bank customer. Apparently, just such an argument is already playing out in the courts. Steven Hoy alerts us to a story of a couple who are suing their bank after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claim that the bank did not live up to basic standards in authentication, and cite the Federal Financial Institutions Examination Council, which notes that "single-factor authentication is inadequate and calls on banks to implement two-factor systems." Thus, the argument goes, the fault lay with the bank's security, and so the bank should be liable. The judge found that convincing:
"In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.... If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."
Chalk one up for those who believe "identity theft" is actually a "bank robbery."


Reader Comments

  1.  
    reboog711, Sep 11th, 2009 @ 6:58pm

    How long until...

    How long until legislation gets put forward that protects banks from these types of lawsuits?

     

  2.  
    NullOp, Sep 11th, 2009 @ 7:23pm

    At Last!

    The banks so regularly screw the customers it's good to see one take a round in the ass! Banks are notorious for trying to pawn off responsibility on the customer! The days of "we're the bank, so we must be right" are coming to a close.

     

  3.  
    Anonymous Coward, Sep 11th, 2009 @ 7:41pm

    Re: How long until...

    Betting about 30secs...

     

  4.  
    interval, Sep 11th, 2009 @ 8:51pm

    Re: At Last!

    @NullOp: "The days of "we're the bank, so we must be right" are coming to a close."

    I hope you're right.

     

  5.  
    Anonymous Coward, Sep 12th, 2009 @ 12:37am

    Identity SHARING...jeez. And money is only artificially valuable and artificially scarce which means it is our natural, inalienable right to find ways to copy money and then self righteously explain why we did so.

     

  6.  
    Meoip, Sep 12th, 2009 @ 3:43am

    Class

    I call class action, I want my share of the money.

     

  7.  
    ..., Sep 12th, 2009 @ 6:26am

    Re: 3 entirely different things

    identity != music != money

     

  8.  
    brendy, Sep 12th, 2009 @ 10:28am

    Re: At Last!

    HAH hardly...I just bought a home for 520K where the previous owners bought it for 700K and took out a 300k HELOC on it. They didn't have to pay any back and already own a new home in the wife's name. Plus, this is happening everywhere. Talk about banks getting effed in the a.

     

  9.  
    Bruce E, Sep 12th, 2009 @ 12:52pm

    Re: Re: At Last!

    "HAH hardly...I just bought a home for 520K where the previous owners bought it for 700K and took out a 300k HELOC on it. They didn't have to pay any back and already own a new home in the wife's name. Plus, this is happening everywhere. Talk about banks getting effed in the a."

    Bank management breaking their fiduciary duty to investors and depositors by making loans with undue risk and you say they're getting screwed? You've got to be kidding.

     

  10.  
    Anonymous Coward, Sep 12th, 2009 @ 1:19pm

    As for banks getting screwed... they'll be bailed out. As for legislation... here in Canada where banks rule with an iron fist - it already exists.

     

  11.  
    Lawrence D'Oliveiro, Sep 12th, 2009 @ 4:43pm

    Weak Authentication

    The trouble is, if the banks insisted on stronger authentication, the customers would get annoyed at the inconvenience. So the bank gets screwed either way—its customers don’t appreciate the need for security until they become victims of fraud, and then they blame the bank for not protecting them.

     

  12.  
    Luci, Sep 12th, 2009 @ 7:17pm

    Re:

    Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot.

     

  13.  
    Luci, Sep 12th, 2009 @ 7:19pm

    Re: Weak Authentication

    So you say. Our bank instituted stronger protection measures, and it only slowed us down by a couple of seconds in authentication to access our funds. Personally, I appreciate these measures. They do not inconvenience me in the least.

     

  14.  
    Gyffes, Sep 12th, 2009 @ 9:20pm

    Gold standard? No longer.

    Luci, you're the idiot. Our money hasn't been backed by anything of substance in over 50 years. It's all smoke and mirrors and a gentleman's agreement that the stuff has value. It's what made everyone so spooked when the latest bubble popped: there is no wizard, no spoon and no one's wearing any goddamned pants. There are no assets, we're not rich as Midas and the Dollar isn't worth a Lira.

     

  15.  
    Anonymous Coward, Sep 13th, 2009 @ 5:21am

    "identity != music != money"
    -----------------

    No. All three are intangible so infringe away!

    "Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot."
    -----------------

    Wow...you should probably strike the word "idiot" from your vocabulary until you actually...aren't one.

     

  16.  
    ..., Sep 13th, 2009 @ 6:46am

    "identity != music != money"
    -----------------
    No. All three are intangible so infringe away!


    Your logic -> because all three share a common characteristic, they must be the same.

    Using this logic could lead to many more silly comparisons
    --- If she weighed the same as a duck... she's made of wood.
    --- And therefore...
    --- ...A witch!

     

  17.  
    Anonymous Coward, Sep 13th, 2009 @ 6:50am

    Re: Weak Authentication

    That sounds just like the nonsense reasoning a bank would use for not putting in place secure measures.

    It amazes me that many of my online only bank accounts still do not permit any characters other than a-z and 0-9, don't take into account case sensitivity and actually restrict you to a maximum of 12 characters for a password.

    Tell me that's because it's easier for customers and not because they have some outdated legacy system that can't cope with anything other than these rigid password requirements...

     

  18.  
    spinsheet, Sep 13th, 2009 @ 7:37am

    Money backed by what?

    @Luci

    Unless I am misunderstanding your post, our money fell off the gold standard in 1933 and is effectively backed only by our self discipline. The more we print, the less it's worth.

     

  19.  
    Anonymous Coward, Sep 13th, 2009 @ 7:41am

    Re: Re:

    The smallest gold coin you can get has $5 printed on it, but the gold content of that coin is worth $80-90 or more.

     

  20.  
    Anonymous Coward, Sep 13th, 2009 @ 7:51am

    "Your logic -> because all three share a common characteristic, they must be the same."
    ------------------

    It's not my logic, it's the "logic" regularly espoused here: IF something is intangible THEN it can't be stolen.

     

  21.  
    ..., Sep 13th, 2009 @ 9:02am

    Re:

    and now you play with semantics

    I believe you are referring to the infringement vs theft argument. When someone "steals" music, it is copyright infringement. This is a legal definition. The term "stealing music" is used in an emotional argument attempting to sway the opinion of others.

    I agree that the "id theft" terminology is incorrect, if they stole my identity then I would no longer be in possession of it. However, that does not mean that it is therefore copyright infringement (music) nor is it counterfeiting (money), hence they are not the same. Identity theft is fraud. It would be nice if MSM were more precise rather than sensationalistic in their reporting.

    The term "Id theft" implies that it is the individual which has been violated and therefore stands to lose something, when in fact it is the bank, credit card co, store, etc which has been defrauded. I can see why businesses like this way of looking at it. Hopefully the courts understand the true nature of the crime.

     

  22.  
    Anonymous Coward, Sep 13th, 2009 @ 10:44am

    Is there more to this story? Are research reports now enforceable law?

    Is it possible that Marsha and Michael Shames-Yeakel probably had a keylogger or other malware or spyware installed on their computer?

    If so, is it still the bank's fault for the couple to fail to apply basic internet security practices? Without establishing this fact can anyone really point blame?

    Besides, one-time use tokens can still be circumvented via man-in-the-middle attacks, keyloggers, and the like. After all, most of these types of attacks can be thwarted by installing and maintaining a good anti-virus and anti-malware program. Additionally, using a safer web browser such as Firefox with an anti-phishing site plug-in.

    You need all the pieces.

    -------
    Another thing is terribly wrong here. Did US District Judge Rebecca Pallmeyer just twist an industry research report and apply it as an enforceable law?

    It seems that the FFIEC offers research and best practices. The problem is that the referenced "Security Standards" were not law, nor is it indicated that it's enforceable. But, FFIEC makes suggestions for best practices to prevent issues.

    If so, this ruling really shows how clueless she is to the process of law. She comes off as a liberal judge that legislates from the bench.

     

  23.  
    Anonymous Coward, Sep 13th, 2009 @ 11:35am

    How about this scam

    "Scammers have exploited the law by deceiving victims into depositing fake checks, then wiring a smaller amount back. The money the consumers deposit doesn't exist, but the money they send is very real."

    http://www.consumeraffairs.com/news04/2006/06/check_scam.html

    I think this is how the scam works. Someone has an account with a few dollars in it and they write you a huge check for something, claiming it's from their corporation. The check covers more than what they owe you so you write them a smaller check back. However, their account has insufficient funds and the bank will cover the initial overdraft check so the check would clear at first. The person never pays the bank what they owe, they close the account, but they do cash your real check. Eventually, when the bank figures that this person does not intend to pay it back what is owed, the check bounces and you owe the bank the money. So you gave this person money but they didn't give you anything back. You are stuck with the loss. The person uses what you gave them to pay overdraft fees and they're in the clear. If you want the money you have to track the entity down and sue them. It should be the BANK that should have to deal with this since the check cleared.

    Or, there should be a way for me to tell that not only did the check clear, but it cleared without overdrafting, before someone writes a lesser check back to cover the change owed back.

     

  24.  
    Anonymous Coward, Sep 13th, 2009 @ 12:21pm

    Re:

    The reason I mention this is because someone tried this scam. It didn't work (it almost worked) but it took me a while (and a couple of google searches) to figure out what was going on. I am just warning others so they don't fall for the scam. Here is the scam

    http://whocallsme.com/Phone-Number.aspx/447035928245

    http://www.thelpa.com/lpa/forum-thread/156995/trust-worthy.html

    Be aware of these scams.

     

  25.  
    Ben, Sep 13th, 2009 @ 12:50pm

    I find this concept very convincing. Of course Identity Theft runs much deeper than this. Despite that, good point. Due to the deeper nature of this issue, though, perhaps this is a strong call to an all-out overhaul of how our identities are protected. "Bank Robbery" is not the only potentially damaging form of Identity Theft.

     

  26.  
    Anonymous Coward, Sep 13th, 2009 @ 2:38pm

    "perhaps this is a strong call to an all-out overhaul of how our identities are protected."

    Nah man, that's totally lame, identities want to be free, maaaaaan. Like, all our identities are totally standing on the backs of giants right? So how could, like, anyone own it? Y'know? Whoa...that wall just winked at me. Holy shit I'm on TV! Why am I on TV? Oh right, reflections, whoa...

     

  27.  
    Tek'a R, Sep 13th, 2009 @ 5:22pm

    Re: (check scam)

    It's even simpler, and more complex than that.

    Say the check claims to be a direct cashiers check from First Bank Of Mumbai on third street or some other far away place. You deposit it and your bank, assuming that you want that money right away, makes the funds available to you (after all, you have never been this dumb before).

    You send the check, more often a wire transfer or bank draft Back to them, or cash, goods, etc, back to mr scammer. All this time your bank has been sitting on this check, waiting to process it in bulk with all its other checks for overseas or that country. Tick tock, tick tock, still waiting. You sent the goods, made the transfer or whatever. Now, Finally, your bank gets around to sending some stuff around.. Oops, they got a message back that, not only does that account not exist, the Bank does not even exist.

    Quicker to cover their mistake than take measures earlier, they snap all the money back out of your account. If you already did something with it.. well, too bad. It's all slurped back out, in theory to be returned once this little snafu is fixed.. but it won't be fixed, because..

    The authorities (if there are any this week) in the "responsible" area don't really care about this, so any business complaints from your bank fall on deaf ears. If you manage to get the FBI involved.. well, the country still does not care (and the FBI wouldn't be that eager to try helping anyhow, because you are the hundredth shmuck this week to call them about this)

    So now you are minus money or goods, And, fun enough, the bank will keep you on their records of trying to cash bad overseas checks, the kind of record that will linger.

    The other ways this scam works are worse, of course. "oh i just need a couple of those numbers off the bottom of your check so i can wire the money to your bank account for that laptop" means "Give me your account information and my totally corrupted friend will use his bank (that exists only on paper) to register a transfer from your account to a few hundred fake accounts and then to me.. thanks. and while I'm at it, I'm going to take out a few dozen student loans, car applications and mortgages in your name with the other info you gave me.. plus, thanks for the new laptop"

     

  28.  
    alternatives(), Sep 13th, 2009 @ 5:51pm

    Re: Re:

    "Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot."

    When Luci actually goes and educates itself about what paper money is backed by (in most cases, not precious metals) what will that make Luci?

     

  29.  
    Anonymous Coward, Sep 13th, 2009 @ 7:07pm

    Re: Re: Re:

    I'm guessing Luci was being sarcastic, not sure though. I'm sure Luci knows, just like anyone else, that mercantilism has been replaced by the floating system for a while now. Perhaps your irony meter needs to be checked.

     

  30.  
    Anonymous Coward, Sep 14th, 2009 @ 2:38am

    Re: Is there more to this story? Are research reports now enforceable law?

    Most attacks can be foiled by a good virus scanner? You find me a virus scanner that does anything besides eat up system resources and I'll start to agree. AVG? doesn't do anything. McAfee? McSlow. Norton? Oh jesus don't get me started on Symantec.

    Your point about malware raises some interesting litigation issues... hard to prove/disprove the existence of malware.

     

  31.  
    imbrucy, Sep 14th, 2009 @ 6:10am

    Re: Re: How long until...

    I'd agree except that no politicians are that efficient.

     

  32.  
    Anonymous Coward, Sep 14th, 2009 @ 6:36am

    It is both a Floor wax and a dessert topping.

    >Is It Identity Theft Or A Bank Robbery?

    It is both. They steal your identity and then steal your money from the bank. The first allows the second. If you steal a gun and rob a bank with it then you have committed two crimes.

     

  33.  
    Nate, Sep 14th, 2009 @ 7:00am

    About time

    This is great. Nothing makes me more angry than some bank or credit card company who tries to sell me protection for some monthly payment to protect myself against theft. My response is that I already pay for their services via the interest rates they charge. I am not going to pay them more money to do a job they should already be required to do. It is the bank's job to verify that the person spending the money is entitled to. Now, if I lost my PDA with all my passwords on it or lost my wallet and then didn't call anyone to report the cards lost that's another thing.

    Just the other day I made some purchases and didn't have to sign because the charges were under $25. I couldn't believe it. I guess it's okay to make it easier to steal someone else's money if it's only $25. It's not like they check those signatures anyway, but why make it even easier?

     

  34.  
    Known coward, Sep 14th, 2009 @ 8:55am

    if the bank gives money to someone it shouldn't

    The bank should be liable, plain and simple.

     

  35.  
    vastrightwing, Sep 14th, 2009 @ 10:02am

    Bank is liable

    My daughter got scammed this way. However, I went to the bank and asked at least 5 bank employees when we could safely determine if the money orders were real or fake. Their wrong answers were always 5 business days. This is wrong because money orders clearing has nothing to do with actual funds. The bank should be liable in this case because they all gave bad information to her and me. The truth is that the banks have zero risk because they will always claim you should be liable when in fact, the bank's business used to be keeping your money safe. I argue that banks should be liable especially when they constantly give wrong information to the customer.

     

  36.  
    weneedhelp, Sep 14th, 2009 @ 2:31pm

    Typical users would not put up with the hassle of 2 factor authentication

    2 factor authentication, something you know, like a pin, and something you don't know, like a number generated in sync on a server and a device or "soft - token."
    http://en.wikipedia.org/wiki/Two-factor_authentication

    http://www.rsa.com/node.aspx?id=1156
    ***I am not affiliated with RSA in any manner, nor do I own any stock in said company.***
    P...I...T...A!!!

     

  37.  
    ..., Sep 14th, 2009 @ 5:41pm

    Re: It is both a Floor wax and a dessert topping.

    It's fraud

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This