Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken
from the i've-still-got-my-identity dept
Last month, we posted an amusing discussion (and comedy act) concerning whether “identity theft” was really a crime, or whether it was really a bank robbery where the bank was passing off the liability for its poor authentication system onto the bank customer. Apparently, just such an argument is already playing out in the courts. Steven Hoy alerts us to a story of a couple who are suing their bank after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claims that the bank did not live up to basic standards in authentication, and cites the Federal Financial Institutions Examination Council’s claim that “single-factor authentication is inadequate and calls on banks to implement two-factor systems.” Thus, the argument goes, the fault lay with the bank’s security, and so the bank should be liable. The judge found that convincing:
“In light of Citizens’ apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs’ account against fraudulent access…. If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers’ online accounts.”
Chalk one up for those who believe “identity theft” is actually a “bank robbery.”
Filed Under: banks, identity theft, scams, security
Comments on “Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken”
How long until...
How long until legislation gets put forward that protects banks from these types of lawsuits?
Re: How long until...
Betting about 30secs…
Re: Re: How long until...
I’d agree except that no politicians are that efficient.
At Last!
The banks so regularly screw the customers that it is good to see one take a round in the ass! Banks are notorious for trying to pawn off responsibility on the customer! The days of “we’re the bank, so we must be right” are coming to a close.
Re: At Last!
@NullOp: “The days of “we’re the bank, so we must be right” are coming to a close.”
I hope you’re right.
Re: At Last!
HAH hardly…I just bought a home for 520K where the previous owners bought it for 700K and took out a 300k HELOC on it. They didn’t have to pay any back and already own a new home in the wife’s name. Plus, this is happening everywhere. Talk about banks getting effed in the a.
Re: Re: At Last!
HAH hardly…I just bought a home for 520K where the previous owners bought it for 700K and took out a 300k HELOC on it. They didn’t have to pay any back and already own a new home in the wife’s name. Plus, this is happening everywhere. Talk about banks getting effed in the a.
Bank management breaking their fiduciary duty to investors and depositors by making loans with undue risk and you say they’re getting screwed? You’ve got to be kidding.
Identity SHARING…jeez. And money is only artificially valuable and artificially scarce which means it is our natural, inalienable right to find ways to copy money and then self righteously explain why we did so.
Re: 3 entirely different things
identity != music != money
Re: Re:
Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot.
Re: Re: Money backed by what?
@Luci
Unless I am misunderstanding your post, our money fell off the gold standard in 1933 and is effectively backed only by our self discipline. The more we print, the less it’s worth.
Re: Re: Re:
The smallest gold coin you can get has $5 printed on it, but the gold content of that coin is worth $80-90 or more.
Re: Re: Re:
Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot.
When Luci actually goes and educates itself about what paper money is backed by (in most cases, not precious metals) what will that make Luci?
Re: Re: Re: Re:
I’m guessing Luci was being sarcastic, not sure though. I’m sure Luci knows, just like anyone else, that mercantilism has been replaced by the floating system for a while now. Perhaps your irony meter needs to be checked.
Class
I call class action, I want my share of the money.
As for banks getting screwed… they’ll be bailed out. As for legislation… here in Canada where banks rule with an iron fist – it already exists.
Weak Authentication
The trouble is, if the banks insisted on stronger authentication, the customers would get annoyed at the inconvenience. So the bank gets screwed either way—its customers don’t appreciate the need for security until they become victims of fraud, and then they blame the bank for not protecting them.
Re: Weak Authentication
So you say. Our bank instituted stronger protection measures, and it only slowed us down by a couple of seconds in authentication to access our funds. Personally, I appreciate these measures. They do not inconvenience me in the least.
Re: Weak Authentication
That sounds just like the nonsense reasoning a bank would use for not putting in place secure measures.
It amazes me that many of my online only bank accounts still do not permit any characters other than a-z and 0-9, don’t take into account case sensitivity and actually restrict you to a maximum of 12 characters for a password.
Tell me that’s because it’s easier for customers and not because they have some outdated legacy system that can’t cope with anything other than these rigid password requirements…
Gold standard? No longer.
Luci, you’re the idiot. Our money hasn’t been backed by anything of substance in over 50 years. It’s all smoke and mirrors and a gentleman’s agreement that the stuff has value. It’s what made everyone so spooked when the latest bubble popped: there is no wizard, no spoon and no one’s wearing any goddamned pants. There are no assets, we’re not rich as Midas and the Dollar isn’t worth a Lira.
“identity != music != money”
—————–
No. All three are intangible so infringe away!
“Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot.”
—————–
Wow…you should probably strike the word “idiot” from your vocabulary until you actually…aren’t one.
“identity != music != money”
—————–
No. All three are intangible so infringe away!
Your logic -> because all three share a common characteristic, they must be the same.
Using this logic could lead to many more silly comparisons
— If she weighed the same as a duck… she’s made of wood.
— And therefore…
— …A witch!
“Your logic -> because all three share a common characteristic, they must be the same.”
——————
It’s not my logic, it’s the “logic” regularly espoused here: IF something is intangible THEN it can’t be stolen.
Re: Re:
and now you play with semantics
I believe you are referring to the infringement vs theft argument. When someone “steals” music, it is copyright infringement. This is a legal definition. The term “stealing music” is used in an emotional argument attempting to sway the opinion of others.
I agree that the “id theft” terminology is incorrect, if they stole my identity then I would no longer be in possession of it. However, that does not mean that it is therefore copyright infringement (music) nor is it counterfeiting (money), hence they are not the same. Identity theft is fraud. It would be nice if MSM were more precise rather than sensationalistic in their reporting.
The term “Id theft” implies that it is the individual which has been violated and therefore stands to lose something, when in fact it is the bank, credit card co, store, etc which has been defrauded. I can see why businesses like this way of looking at it. Hopefully the courts understand the true nature of the crime.
Is there more to this story? Are research reports now enforceable law?
Is it possible that Marsha and Michael Shames-Yeakel probably had a keylogger or other malware or spyware installed on their computer?
If so, is it still the bank’s fault for the couple to fail to apply basic internet security practices? Without establishing this fact can anyone really point blame?
Besides, one-time use tokens can still be circumvented via man-in-the-middle attacks, keyloggers, and the like. After all, most of these types of attacks can be thwarted by installing and maintaining a good anti-virus and anti-malware program. Additionally, using a safer web browser such as Firefox with an anti-phishing site plug-in.
You need all the pieces.
——-
Another thing is terribly wrong here. Did US District Judge Rebecca Pallmeyer just twist an industry research report and apply it as an enforceable law?
It seems that the FFIEC offers research and best practices. The problem is that the referenced “Security Standards” were not law, nor is it indicated that it’s enforceable. But, FFIEC makes suggestions for best practices to prevent issues.
If so, this ruling really shows how clueless she is to the process of law. She comes off as a liberal judge that legislates from the bench.
Re: Is there more to this story? Are research reports now enforceable law?
Most attacks can be foiled by a good virus scanner? You find me a virus scanner that does anything besides eat up system resources and I’ll start to agree. AVG? doesn’t do anything. McAfee? McSlow. Norton? Oh jesus don’t get me started on Symantec.
Your point about malware raises some interesting litigation issues… hard to prove/disprove the existence of malware.
How about this scam
“Scammers have exploited the law by deceiving victims into depositing fake checks, then wiring a smaller amount back. The money the consumers deposit doesn’t exist, but the money they send is very real.”
http://www.consumeraffairs.com/news04/2006/06/check_scam.html
I think this is how the scam works. Someone has an account with a few dollars in it and they write you a huge check for something, claiming it’s from their corporation. The check covers more than what they owe you so you write them a smaller check back. However, their account has insufficient funds and the bank will cover the initial overdraft check so the check would clear at first. The person never pays the bank what they owe, they close the account, but they do cash your real check. Eventually, when the bank figures that this person does not intend to pay it back what is owed, the check bounces and you owe the bank the money. So you gave this person money but they didn’t give you anything back. You are stuck with the loss. The person uses what you gave them to pay overdraft fees and they’re in the clear. If you want the money you have to track the entity down and sue them. It should be the BANK that should have to deal with this since the check cleared.
Or, there should be a way for me to tell that not only did the check clear, but it cleared without overdrafting, before someone writes a lesser check back to cover the change owed back.
Re: Re:
The reason I mention this is because someone tried this scam. It didn’t work (it almost worked) but it took me a while (and a couple of google searches) to figure out what was going on. I am just warning others so they don’t fall for the scam. Here is the scam
http://whocallsme.com/Phone-Number.aspx/447035928245
http://www.thelpa.com/lpa/forum-thread/156995/trust-worthy.html
Be aware of these scams.
Re: (check scam)
It’s even simpler, and more complex, than that.
Say the check claims to be a direct cashiers check from First Bank Of Mumbai on third street or some other far away place. You deposit it and your bank, assuming that you want that money right away, makes the funds available to you (after all, you have never been this dumb before).
You send the check, more often a wire transfer or bank draft, back to them, or cash, goods, etc, back to mr scammer. All this time your bank has been sitting on this check, waiting to process it in bulk with all its other checks for overseas or that country. Tick tock, tick tock, still waiting. You sent the goods, made the transfer or whatever. Now, finally, your bank gets around to sending some stuff around.. Oops, they got a message back that, not only does that account not exist, the bank does not even exist.
Quicker to cover their mistake than take measures earlier, they snap all the money back out of your account. If you already did something with it.. well, too bad. It’s all slurped back out, in theory to be returned once this little snafu is fixed.. but it won’t be fixed, because..
The authorities (if there are any this week) in the “responsible” area don’t really care about this, so any business complaints from your bank fall on deaf ears. If you manage to get the FBI involved.. well, the country still does not care (and the FBI wouldn’t be that eager to try helping anyhow, because you are the hundredth shmuck this week to call them about this)
So now you are minus money or goods, And, fun enough, the bank will keep you on their records of trying to cash bad overseas checks, the kind of record that will linger.
The other ways this scam works are worse, of course. “oh i just need a couple of those numbers off the bottom of your check so i can wire the money to your bank account for that laptop” means “Give me your account information and my totally corrupted friend will use his bank (that exists only on paper) to register a transfer from your account to a few hundred fake accounts and then to me.. thanks. and while I’m at it, I’m going to take out a few dozen student loans, car applications and mortgages in your name with the other info you gave me.. plus, thanks for the new laptop”
I find this concept very convincing. Of course Identity Theft runs much deeper than this. Despite that, good point. Due to the deeper nature of this issue, though, perhaps this is a strong call to an all-out overhaul of how our identities are protected. “Bank Robbery” is not the only potentially damaging form of Identity Theft.
“perhaps this is a strong call to an all-out overhaul of how our identities are protected.”
Nah man, that’s totally lame, identities want to be free, maaaaaan. Like, all our identities are totally standing on the backs of giants right? So how could, like, anyone own it? Y’know? Whoa…that wall just winked at me. Holy shit I’m on TV! Why am I on TV? Oh right, reflections, whoa…
It is both a Floor wax and a dessert topping.
>Is It Identity Theft Or A Bank Robbery?
It is both. They steal your identity and then steal your money from the bank. The first allows the second. If you steal a gun and rob a bank with it then you have committed two crimes.
Re: It is both a Floor wax and a dessert topping.
It’s fraud
About time
This is great. Nothing makes me more angry than some bank or credit card company who tries to sell me protection for some monthly payment to protect myself against theft. My response is that I already pay for their services via the interest rates they charge. I am not going to pay them more money to do a job they should already be required to do. It is the bank’s job to verify that the person spending the money is entitled to. Now, if I lost my PDA with all my passwords on it or lost my wallet and then didn’t call anyone to report the cards lost that’s another thing.
Just the other day I made some purchases and didn’t have to sign because the charges were under $25. I couldn’t believe it. I guess it’s okay to make it easier to steal someone else’s money if it’s only $25. It’s not like they check those signatures anyway, but why make it even easier?
if the bank gives money to someone it shouldn't
The bank should be liable, plain and simple.
Bank is liable
My daughter got scammed this way. However, I went to the bank and asked at least 5 bank employees when we could safely determine if the money orders were real or fake. Their wrong answers were always 5 business days. This is wrong because money orders clearing has nothing to do with actual funds. The bank should be liable in this case because they all gave bad information to her and me. The truth is that the banks have zero risk because they will always claim you should be liable when in fact, the bank’s business used to be keeping your money safe. I argue that banks should be liable especially when they constantly give wrong information to the customer.
Typical users would not put up with the hassle of 2 factor authentication
2 factor authentication, something you know, like a pin, and something you don’t know, like a number generated in sync on a server and a device or “soft – token.”
http://en.wikipedia.org/wiki/Two-factor_authentication
http://www.rsa.com/node.aspx?id=1156
***I am not affiliated with RSA in any manner, nor do I own any stock in said company.***
P…I…T…A!!!