toggle

AAPL Stock: 123.36 ( + 0.59 )

Printed from http://www.macnn.com

Appeals court finds bank liable for $588,000 ACH theft

updated 07:30 pm EDT, Fri July 6, 2012

Security used 'commercially unreasonable,' didn't meet federal standards

The US Federal Court of Appeals for the First Circuit has reversed a lower court's decision, and found Ocean Bank (now People's United) at fault for a $588,000 "virtual robbery" in 2008 against Sandord, ME-based Patco Construction Company. Calling the bank's security systems "commercially unreasonable," the Boston-based appeals court returned some specific aspects back to the original court and judge for review, but is encouraging both parties to settle the matter out of court.

In September 2008, the construction company filed suit against the bank. Patco used online banking to make weekly payroll payments. The banking login credentials were stolen from Patco in May 2009 by the ZeuS trojan. Using the lifted data, thieves removed $588,000 in several batches from the account in automated clearing house (ACH) transfers over a week.

Ocean Bank was able to block or retrieve $243,406 of the stolen funds, leaving the construction company with a loss of $345,445. To make up for the difference between the retrieved funds, and the lost funds, Ocean Bank drew $223,237 on Patco's credit to cover the transfers. Patco sued shortly thereafter, arguing that the bank didn't provide multi-factor authentications, as laid out by theFederal Financial Institiution Examination Council (FFIEC).

In the court's 43-page decision, the appeals court found Ocean Bank's fraud monitoring lacking overall. The statement clarified that "when it had warning that such fraud was likely occurring in a given transaction, Ocean Bank neither monitored that transaction nor provided notice to customers before allowing the transaction to be completed. Because it had the capacity to do all of those things, yet failed to do so, we cannot conclude that its security system was commercially reasonable."

Charisse Castagnoli, a bank fraud expert and security consultant, said the decision could open the door to lawsuits from small businesses similarly robbed because of inadequate or outdated security procedures. Furthermore, she said that the appeals court didn't address what the victim's obligations for maintaining security in the case that bank security fails, such as a requirement for timely balance checks and responses to bank notifications. "At the same time, you can't be a sloppy or naive customer," added Castagnoli, "as the court is clearly looking for the customer to behave with some understanding of what the bank is doing with their money."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

Entry-level 27-inch Retina iMac

The 27-inch Apple iMac with 5K Retina display is already one of the best value-for-money Macs that Apple has ever released. It was som ...

toggle

Most Commented