So not only do you get infected as a result of being properly concerned about unauthorized transfers, you become less likely to take any real notifications seriously in the midst of the flurry of fake ones.

Like or Dislike: 0  0

-Helly

Like or Dislike: 1  0

Today I had another one-on-one with said Sr. VP and learned that to date our bank has never paid one fraudulent wire transfer in spite of several attempts by e-banking robbers. Our customers (consumer and commercial) cannot change their contact information online. It must be done in person. I’m not saying our systems are foolproof, however, we have some layers in place to protect our customers that several banks do not have.

As a financial institution we can only do so much, however, I sincerely believe our customers deserve to be the recipient of our knowledge. The knowledge shared by experts such as Terry and Brian make it so our customers are good hands provided they follow through on suggestion and recommendations, i.e. banking via Live CD.

Like or Dislike: 2  1

I do not know what to tell you. The technical Internet system has security flaws at all levels: network design, user hardware and software. Customers should be able to buy a computing box and use it in safety, but that is not our reality. Currently, banks are affected, but have little control.

Having looked at this in some depth, I see no quick fix for the system, but at least there is a fix for customers, and it is free. Those companies who would spend money on computer training should concentrate on the skills to run a Linux LiveCD when online. Maybe completing a 4 hour bank course with a LiveCD handout would lower fees or improve security response.

Banks could publish their actual damages from malware, and use that as a justification for improving security. Customers who use Microsoft Windows for banking probably deserve increased fees. I do not know how a bank could identify, technically and online, which OS is in use. But maybe they only need a customer *agreement* to use a LiveCD, and then a follow up after a loss to identify the real problem.

Some way should be found to make hardware and software vendors take the malware situation more seriously. It is not clear that competition can do that, since buyers do not get interested in security until they get in trouble, but perhaps a class action lawsuit could.

Like or Dislike: 1  2

It’s not hard to imagine a clause excluding losses that result from company insiders acting in cooperation with the cyberthieves. But that could be interpreted to apply to losses due to trojan infections acquired from email attachments, since the infection couldn’t have occurred unless an employee clicked on the attachment.

Things like health insurance are familiar and highly regulated, but when you go out to buy something like this, who would advise you? What case law would tell you how clauses in the policy will be interpreted?

I think of the early purchasers of long term care insurance who wanted to make sure they had care if they developed Alzheimers Disease, then found their insurers denied their claims because there was a clause excluding coverage for “mental illness.”

Like or Dislike: 3  2

I’m looking forward to reading these articles completely. I enjoyed the Q&A online. Your suggestions are all very solid for users to follow if they are willing to go the extra mile for security. While I agree that your suggestions will improve a customer’s security very well, the only difficulty I have is in the bank’s ability to convince customers that these steps are necessary.

As a banker, however, it’s hard to imagine that we’d be able to push this out on any grand scale without getting serious resistance from customers. Not to mention that, even after going through the trouble of setting it up, many customers would still have a “sudden need” and end up logging in from their windows PC at home on their day off and destroying the effort.

Like or Dislike: 0  0

Sounds like a distinction without a difference, John. I think it’s pretty clear that I’m drawing a line between how consumer account and business accounts are treated differently.

We can talk about UCC4 and the FFIEC’s “guidelines” all day but those are very squishy areas that from what I can tell don’t have a whole lot of consistency of meaning.

However, people understand the concept of Regulation E — that which protects consumers from losses due to fraud against their accounts. The only distinction I’m trying to make crystal clear for readers is that if you’re a business owner, these *legal* protections afforded to consumers do not cover you and you really are at the mercy of the bank.

Well-loved. Like or Dislike: 4  0