Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken
from the i've-still-got-my-identity dept
Last month, we posted an amusing discussion (and comedy act) concerning whether or not "identify theft" was really a crime, or if it was really a bank robbery where the bank was passing off the liability for its poor authentication system onto the bank customer. Apparently, just such an argument is already playing out in the courts. Steven Hoy alerts us to a story of a couple who are suing their bank, after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claims that the bank did not live up to basic standards in authentication, and cite the Federal Financial Institutions Examination Council's claim that notes that "single-factor authentication is inadequate and calls on banks to implement two-factor systems." Thus, the argument goes, the fault was the bank's security, and thus, the bank should be liable. The judge found that to be convincing:"In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.... If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."Chalk one up for those who believe "identity theft" is actually a "bank robbery."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: banks, identity theft, scams, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
How long until...
[ link to this | view in chronology ]
Re: How long until...
[ link to this | view in chronology ]
Re: Re: How long until...
[ link to this | view in chronology ]
At Last!
[ link to this | view in chronology ]
Re: At Last!
I hope you're right.
[ link to this | view in chronology ]
Re: At Last!
[ link to this | view in chronology ]
Re: Re: At Last!
Bank management breaking their fiduciary duty to investors and depositors by making loans with undue risk and you say they're getting screwed? You've got to be kidding.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: 3 entirely different things
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Money backed by what?
Unless I am misunderstanding your post, our money fell off the gold standard in 1933 and is effectively backed only by our self discipline. The more we print, the less it's worth.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
When Luci actually goes and educate itself about what paper money is backed by (in most cases, not precious metals) what will that make Luci?
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Class
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Weak Authentication
[ link to this | view in chronology ]
Re: Weak Authentication
[ link to this | view in chronology ]
Re: Weak Authentication
It amazes me that many of my online only bank accounts still do not permit any characters other than a-z and 0-9, don't take into account case sensitivity and actually restrict you to a maximum of 12 characters for a password.
Tell me that's because it's easier for customers and not because they have some outdated legacy system that can't cope with anything other than these rigid password requirements...
[ link to this | view in chronology ]
Gold standard? No longer.
[ link to this | view in chronology ]
-----------------
No. All three are intangible so infringe away!
"Since paper money is based upon a very real, very scarce, tangible good (precious metals), you are an idiot."
-----------------
Wow...you should probably strike the word "idiot" from your vocabulary until you actually...aren't one.
[ link to this | view in chronology ]
-----------------
No. All three are intangible so infringe away!
Your logic -> because all three share a common characteristic, they must be the same.
Using this logic could lead to many more silly comparisons
--- If she weighed the same as a duck... she's made of wood.
--- And therefore...
--- ...A witch!
[ link to this | view in chronology ]
------------------
It's not my logic, it's the "logic" regularly espoused here: IF something is intangible THAN it can't be stolen.
[ link to this | view in chronology ]
Re:
I believe you are referring to the infringement vs theft argument. When someone "steals" music, it is copyright infringement. This is a legal definition. The term "stealing music" is used in an emotional argument attempting to sway the opinion of others.
I agree that the "id theft" terminology is incorrect, if they stole my identity then I would not longer be in possession of it. However, that does not mean that it is therefore copyright infringement (music) nor is it counterfeiting (money), hence they are not the same. Identity theft is fraud. It would be nice if MSM were more precise rather than sensationalistic in their reporting.
The term "Id theft" implys that it is the individual which has been violated and therefore stands to lose something, when in fact it is the bank, credit card co, store, etc which has been defrauded. I can see why busineses like this way of looking at it. Hopefully the courts understand the true nature of the crime.
[ link to this | view in chronology ]
Is there more to this story? Are research reports now enforcable law?
If so, is it still the bank's fault for the couple to fail to apply basic internet security practices? Without establishing this fact can anyone really point blame.
Besides, one-time use tokens can still be circumvented via man-in-the-middle attacks, keyloggers, and the like. After all, most of these types of attacks can be thwarted by installing and maintaining a good anti-virus and anti-malware program. Additionally, using a safer web browser such as FireFox with an anti-phishing site plug-in.
You need all the pieces.
-------
Another thing is terribly wrong here. Did US District Judge Rebecca Pallmeyer just twist an industry research report and apply it as an enforceable law?
It seems that the FFIEC offers research and best practices. The problem is that the referenced "Security Standards" were not law, nor is it indicated that it's enforceable. But, FFIEC makes suggestions for best practices to prevent issues.
If so, this ruling really shows how clueless she is to the process of law. She comes off as a liberal judge that legislates from the bench.
[ link to this | view in chronology ]
Re: Is there more to this story? Are research reports now enforcable law?
Your point about malware raises some interesting litigation issues... hard to prove/disprove the existence of malware.
[ link to this | view in chronology ]
"Scammers have exploited the law by deceiving victims into depositing fake checks, then wiring a smaller amount back. The money the consumers deposit doesn't exist, but the money they send is very real."
http://www.consumeraffairs.com/news04/2006/06/check_scam.html
I think this is how the scam works. Someone has an account with a few dollars in it and they write you a huge check for something, claiming it's from their corporation. The check covers more than what they owe you so you write them a smaller check back. However, their account has insufficient funds and the bank will cover the initial overdraft check so the check would clear at first. The person never pays the bank what they owe, they close the account, but they do cash your real check. Eventually, when the bank figures that this person does not intend to pay it back what is owed, the check bounces and you owe the bank the money. So you gave this person money but they didn't give you anything back. You are stuck with the loss. The person uses what you gave them to pay overdraft fees and they're in the clear. If you want the money you have to track the entity down and sue them. It should be the BANK that should have to deal with this since the check cleared.
Or, there should be a way for me to tell that not only did the check clear, but it cleared without overdrafting, before someone writes a lesser check back to cover the change owed back.
[ link to this | view in chronology ]
Re:
http://whocallsme.com/Phone-Number.aspx/447035928245
http://www.thelpa.com/lpa/forum-thre ad/156995/trust-worthy.html
Be aware of these scams.
[ link to this | view in chronology ]
Re: (check scam)
Say the check claims to be a direct cashiers check from First Bank Of Mumbai on third street or some other far away place. You deposit it and your bank, assuming that you want that money right away, makes the funds available to you (after all, you have never been this dumb before).
You send the check, more often a wire transfer or bank draft Back to them, or cash, goods, etc, back to mr scammer. All this time you bank has been sitting on this check, waiting to process it in bulk with all its other checks for overseas or that country. Tick tock, tick tock, still waiting. You sent the goods, made the transfer or whatever. Now, Finally, your bank gets around to sending some stuff around.. Oops, they got a message back that, not only does that account not exist, the Bank does not even exist.
Quicker to cover their mistake then take measures earlier, they snap all the money back out of your account. If you already did something with it.. well, too bad. Its all slurped back out, in theory to be returned once this little snafu is fixed.. but it wont be fixed, because..
The authorities (if there are any this week) in the "responsible" area don't really care about this, so any business complaints from your bank fall on deaf ears. If you manage to get the FBI involved.. well, the country still does not care (and the FBI wouldn't be that eager to try helping anyhow, because you are the hundredth shmuck this week to call them about this)
So now you are minus money or goods, And, fun enough, the bank will keep you on their records of trying to cash bad overseas checks, the kind of record that will linger.
The other ways this scam works are worse, of course. "oh i just need a couple of those numbers off the bottom of your check so i can wire the money to your bank account for that laptop" means "Give me your account information and my totally corrupted friend will use his bank (that exists only on paper) to register a transfer from your account to a few hundred fake accounts and then to me.. thanks. and while I'm at it, I'm going to take out a few dozen student loans, car applications and mortgages in your name with the other info you gave me.. plus, thanks for the new laptop"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Nah man, that's totally lame, identities want to be free, maaaaaan. Like, all our identities are totally standing on the backs of giants right? So how could, like, anyone own it? Y'know? Whoa...that wall just winked at me. Holy shit I'm on TV! Why am I on TV? Oh right, reflections, whoa...
[ link to this | view in chronology ]
It is both a Floor wax and a dssert topping.
It is both. They steal your identity and then steal your money from the bank. The first allows the second. If you steal a gun and rob a bank with it then you have committed two crimes.
[ link to this | view in chronology ]
Re: It is both a Floor wax and a dssert topping.
[ link to this | view in chronology ]
About time
Just the other day I made some purchases and didn't have to sign because the charges were under $25. I couldn't believe it. I guess it okay to make it easier to steal someone elses money if it's only $25. It's not like they check those signatures anyway, but why make it even easier?
[ link to this | view in chronology ]
if the bank gives money to someone it shouldn't
[ link to this | view in chronology ]
Bank is liable
[ link to this | view in chronology ]
Tpical users would not put up with the hassle of 2 factor authentication
http://en.wikipedia.org/wiki/Two-factor_authentication
http://www.rsa.com/node.aspx?id =1156
***I am not affiliated with RSA in any manor, nor do I own any stock in said company.***
P...I...T...A!!!
[ link to this | view in chronology ]