In Business ACH Account Hijacking, Legal Ruling Favors Bank

[Paul Ferguson <fergdawgster () gmail com>]

Not a good sign for business account holders in the face of increasing
targeting by ACH account hijacks via banking Trojans.

Via BankInfoSecurity.com.

[snip]

A magistrate has recommended that a U.S. District Court in Maine deny
a motion for a jury trial in an ACH fraud case filed by a commercial
customer against its former bank. According to the order [.pdf], which
must still be reviewed by the presiding judge, the bank fulfilled its
contractual obligations for security and authentication through its
requirement for log-in and password credentials.

Now Mark Patterson, president of PATCO Construction Inc., the
commercial customer in the case, says he's weighing his legal options.
"Things are not always fair, and we have to decide how long we want to
fight the fight," Patterson says. "We do feel very strongly about this
issue, but how far do we want to go?"

At issue for PATCO is whether banks should be held responsible when
commercial accounts, like PATCO's, are drained because of fraudulent
ACH and wire transfers approved by the bank. How much security should
banks and credit unions reasonably be required to apply to the
commercial accounts they manage?

 "Obviously, the major issue is the banks are saying this is the
depositors' problem," Patterson says, "but the folks that are losing
money through ACH fraud don't have enough sophistication to stop
this."

[snip]

More:
http://www.bankinfosecurity.com/articles.php?art_id=3705

Background:
http://voices.washingtonpost.com/securityfix/2009/09/construction_firm_sues_bank_af.html

FYI,

- ferg

-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.