A Missouri company was of the opinion that they had every right to sue a bank in order to recover\u00a0$440,000 stolen from them by a cyberheist in 2010. As it turned out, the appellate court did not only\u00a0find it unwarranted for the firm to sue the bank, it also ruled that the bank\u2019s legal fees be covered by\u00a0the plaintiff. It is highly unlikely that cyberheists victims will be running to court with similar cases.<\/p>\n
The Bancorp South Inc. which is located in Tupelo City in Missouri got hacked into by hackers.\u00a0The criminals stole Choice Escrow and Land Title LLC\u2019s online banking Username and password.\u00a0These credentials were then used to make illegal wire transfers amounting to $440,000 to a Cyprus-based corporate bank account.<\/p>\n
At the time when the cyber heist was being carried out, the bank\u2019s best online security authentication\u00a0control was \u2018dual control\u2019. This system requires one customer to have one ID and password in order\u00a0to approve the transfer and a separate set of ID and password to release the transfer. A customer\u2019s\u00a0other online transaction choice at that time was to perform both the approval and release functions\u00a0of a wire transfer using one set of ID and password.<\/p>\n
In 2005, Federal Financial Institutions Examination Council (FFIEC) required that all financial\u00a0institutions stop using a single-factor authentication online security control system. The council\u00a0argued that this control system was inadequate especially for the high-risk transactions like wire\u00a0transfers which often involve moving large sums of money. Choice Escrow\u2019s legal representatives\u00a0argued on this premise.<\/p>\n
The initial trial court was unmoved by the cyberheist\u2019s argument. When they pursued the case in an\u00a08th Circuit Court of Appeals they still weren\u2019t successful. In fact, the court now favored the\u00a0defendants.<\/p>\n
Dan Mitchell who is a lawyer chairing the data security practice at Bernstein Shur in Portland said\u00a0that the ruling definitely favored the bank more than the actual victim. However as he adds, the\u00a0bank had offered the customer two security authentication options \u2013one where they could use\u00a0single-factor authentication and the other where they could use dual-factor security controls. The\u00a0bank had advised the customers on these two options and the customer went ahead to make an\u00a0informed choice of picking the single-factor control. The bank definitely documented this and it is\u00a0what the appellate court based its ruling on.<\/p>\n
It is obvious that companies that get robbed of their hard earned monies from their bank accounts\u00a0by cybercriminals have little room to argue their case in the courts today.<\/p>\n","protected":false},"excerpt":{"rendered":"
A Missouri company was of the opinion that they had every right to sue a bank in order to recover\u00a0$440,000 stolen from them by a cyberheist in 2010. As it turned out, the appellate court did not only\u00a0find it unwarranted for the firm to sue the bank, it also ruled that the bank\u2019s legal fees […]<\/p>\n","protected":false},"author":2,"featured_media":3126,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[55,81,62,90,48,50,91,92],"class_list":["post-7275","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-cyber-heist","tag-cyberheist","tag-krebs","tag-legal-responsibility","tag-malware","tag-phishing","tag-recovering-cyberheist-losses","tag-small-business-cyber-heist"],"yoast_head":"\n