Court decides bank is not to blame for $440k cybertheft
Posted on 19 June 2014.
In many ways, small businesses are the perfect target for money hungry cyber crooks.

Smaller companies are unlikely to have dedicated IT employees, making it less likely they would notice a breach, or that employees with follow security policies (if they are put in place at all). On the other hand, a company's bank account is likely to hold more money than a random private person's.

Many small businesses have fallen victim to cyber theft, and some of them have tried to recoup their losses by suing the bank that didn't detect and stop the fraudulent wire transfer requests initiated by the crooks. Sometimes these lawsuits are successful, other times not.

One of the latter cases has just been concluded in Missouri, when the Court of Appeals for the Eighth Circuit decided to uphold the decision of a Missouri district court that ruled that BancorpSouth is not responsible for the losses sustained by Choice Escrow Land Title LLC, as it had implemented and recommended "commercially reasonable security measures" to the company, but the company failed to avail itself of them.

The theft in question happened in 2010, when attackers succeeded in compromising the username and password for the company's online bank account and used them to transfer $440,000 to an account in Cyprus.

But the judges sided once again with the bank, as the company had previously refused to implement the bank's recommended security precautions for wire transfers - dual control process, daily wire transfer amount limits, detection of wire transfers initiated from unrecognized devices - because it was likely inconvenient for them.

"The court found no problem with the bank's acceptance of the payment order because it was 'not so unusual that it should have raised eyebrows,'" attorney Dan Mitchell commented for Bank Info Security. "It was not the largest payment order that Choice ever had submitted and its wire transfers did not follow a general pattern and varied in size from a few thousand dollars to a few hundred thousand dollars."

The court also decided that Choice Escrow has to pay BancorpSouth's attorneys' fees.









Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //