
List:       dshield
Subject:    RE: [Dshield] Banks Openly Inviting Email Fraud
From:       "Darren Gragg" <admin () bsbks ! com>
Date:       2004-02-25 21:08:01
Message-ID: !~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAKNXAguxZD0SywmcngTX2nMKAAAAQAAAA2DP8q0LtHEuNE0391cZHqAEAAAAA () bsbks ! com


Darren Gragg wrote:
> 
> Jon-
> 
<SNIP!>
> being the CTO for a bank, I completely agree with your observations and
<SNIP!>

A bank CTO... good. I have a few questions for you regarding the legal
aspects of this issue.

  1) If someone falls for a bogus bank web site scam and their bank account
     is pillaged, is the customer protected against the loss?

I do not think that the FDIC coverage is for any type of loss due to
anything other than the bank failing.  Most banks that have any idea of what
they are doing have some type of internet-based insurance coverage for these
types of issues.  I do feel that unless the bank has done their "due
diligence" on educating their customers, they should be responsible for the
loss.

  2) If someone hacks one of your customer's computers that uses the bank's
     software for on-line banking, and uses that software to transfer money
     out of the customer's account, is the customer protected against the
     loss? (We had a customer [military family] a few years ago whose computer
     was hacked and someone accessed their on-line banking software and used
     it to transfer money out of the country. At the point in time that we
     told the customer that they needed to get NIS to handle the now criminal
     hacking investigation, the bank was saying that they were not responsible
     for the loss because the customer had allowed their computer to become
     infected with a worm that gave hackers access to their computer, and it
     was thus negligence on the customer's part and the bank was not
     responsible for the loss. We never did hear the outcome of the case.)

If you are speaking of some type of PC banking (i.e. software the bank
provides to be able to bank from home, not a website) then the bank would
not be responsible.  Once the bank sells the software or provides it, the
contracts that we have say the customer is responsible for that PC
security.  Now I completely agree that is a waste of time because the home
user can't possibly come anywhere close to securing a machine right.

  3) Do Federally chartered vs State chartered banks have different
     liability rules in these cases? How about banks vs thrifts vs credit
     unions -- are they any different?

Well I am not completely for sure on that.  I don't think that Federal vs.
State would have a lot of difference.  Banks vs. Credit Unions I would bet
would have a lot of difference as there is difference in most other aspects
of the relationships.  This question I am not completely for sure about.

Anything else I can help with, ask away.

Darren Gragg
Chief Technology Officer
Bennington State Bank

_______________________________________________
list mailing list
list@dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list