CA Community






One Small Win For the “Little Guy”

Published: November 10 2009, 09:00 AM
by Sumner Blount

I came across an interesting article recently that illustrates what I believe is a slight but discernible trend towards increasing regulatory accountability on the part of business.  In effect, businesses are being held more accountable for providing customer environments in which they meet not only the letter, but the spirit of any given regulation.

In this case, a customer of a US-based bank had their identity stolen, and someone got into their account and wired $26,000 to a bank in Austria.  When the theft was discovered, the Austrian bank refused to return the money. (Hello….Austria!.....how about some law enforcement assistance here?!!??).

The US bank claimed that the customer did not notify them early enough, so they went after the customer for the money. Interestingly, the bank’s customer agreement states that “We will have no liability to you for any unauthorized payment or transfer made using your password that occurs before you have notified us of possible unauthorized use and we have had a reasonable opportunity to act on that notice.” Of course, it is left as an exercise for the reader to determine just how someone is expected to notify them BEFORE the “possible unauthorized use” occurs!

When the customer refused to pay for the loss, the bank reported them to credit agencies and threatened the customer with foreclosure.  (Dear Bank Management: It’s time for a refresher course in building your corporate image.)  The customer sued back, and the issue went to court.

The court found that the bank had been negligent because they had not implemented the requirements of the FFIEC regulation, which requires two-factor authentication on certain types of financial transactions and transfers.  It seems certain that such improved authentication would have prevented this significant theft.

I doubt if too many broad generalizations and conclusions can be drawn from this case.  But, I’m cheered by the fact that there was fault found on the part of the bank, and that a customer was not held responsible in light of this failure.  Sometimes, the beneficiary of all these regulations turns out to be the average citizen.

 

By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s a Director in the Security business unit at CA. Previously he managed the large computer operating system development group at Digital...