Is Your Bank Responsible For Not Warning You About Keyloggers?
from the seems-like-a-stretch dept
We’ve spoken before about the Steve Dallas school of “sue whoever has the most money, even if they’re obviously not at fault” way of thinking. It appears that someone in Florida who was scammed out of $90,000 is using the same tactic in suing Bank of America for allowing him to be a victim of a keylogging attack. It’s not entirely clear what happened, but investigators found some kind of trojan horse program on his PC, and they assume that allowed a keylogging program to be installed. From that, someone got his bank account info and transferred $90,000 out of his account and sent it to Latvia. While the guy is obviously a victim of fraud, instead of going after those who actually committed the crime, he’s suing Bank of America for not warning him that bad people might try to steal his money. Maybe he should his parents, too, for not teaching him that some people aren’t very nice. Bank of America, for their part, should be trying to help this guy get back his money, but it’s unclear how they should be blamed for the crime.
Comments on “Is Your Bank Responsible For Not Warning You About Keyloggers?”
Huh?
It was my impression from the story that he was more concerned about the bank not noticing that after years of small transactions to Central/South America (I forget which already), suddenly a $90,000 transaction to Easter Europe pops up out of nowhere and they did nothing to confirm it before leaving him poor.
Re: Huh?
I agree with this statement. Bank of America should not of blindly approved such a huge transfer of funds without any confirmation. I agree that was his gripe as well, which I think is very valid.
Re: Huh?
Lopez’s legal case is that Bank of America knew of the risk posed by the Coreflood Trojan but failed to inform customers.
That seems to be focused on the fact that they didn’t warn him about a keylogger… However, he is also looking at whether or not a flag should have been raised, which is a more valid complaint. While I do believe the bank could have done a better job, it’s not clear what they did is illegal.
Re: Re: Huh?
Mike,
I disagree on this one. Think about the implications of your approach. Anyone with significant assets in any type of online-accessible account would be wise to immediately terminate online access, as the customer would bear all risk of being hacked. This is bad for the banks, which love the move to online, as it greatly reduces their overhead costs. They don’t want online banking to be useable only by the top 1% of technophiles.
If you leave your checkbook laying around and someone forges your signature, you’re not liable. Why should this be different?
The bank has the power to implement state of the art systems and processes to minimize its damages and also can insure against these risks for pennies. The consumer cannot do so nearly as easily or cheaply. The decision to allow online transactions was one once taken most seriously and carefully (witness how Fidelity went about it cautiously a number of years ago). It still should be.
This is a classic case of setting up a poor system and blaming the customer for the loss. My prediction: the bank will cover the loss because they are stone-cold losers in court, and should be.
If they wire transfer 90k of a customer’s money to Latvia based on:
UserID: peanuts
password: snoopy1
they absolutely should bear the risk. I can’t find out the balance of my cable TV bill over the phone without being interrogated with numerous questions. Transferring 90k should be 100 times harder.
Re: Re: Re: Huh?
Hmm. I think people are misreading what I wrote. I DO think that BOA should be more responsible in helping this guy recover his losses.
What I’m objecting to is the idea that they’re guilty BECAUSE THEY DIDN’T WARN HIM THAT KEYLOGGERS WERE OUT THERE. That’s it. That’s what the lawsuit claims. That’s the part I have a problem with.
Re: Re: Re:2 Huh?
I think the lawyer is just smart and is framing the issue as narrowly as possible. Courts do try to stick to settled principles, and the duty to warn of a known risk is well established in tort law.
Many legal issues that appear ridiculous on their face actually make sense when seen through this prism. The lawyer owes it to his client to make the easiest legal argument to win.