COURT FINDS BANK LIABLE IN CYBERTHEFT

June 22nd, 2011

Internet Banking Theft

In a potential watershed case, A Michigan court has found Dallas-based Comerica Bank liable for over half a million dollars in fraudulent wire transfers executed by cyberthieves.

The thieves used stolen electronic banking credentials to wire over $1.9 million out of the accounts of Experi-Metal Inc., a custom metals shop that sells stamped parts to the automotive industry. The bank was able to reverse or otherwise recover $1.34 million from the fraudulent transfers, leaving Experi-Metal with a loss of over $560,000.

Unlike other cases of this type heretofore, the judge has found the bank to be liable for the unrecovered fraudulent transfers, but for reasons not pertaining to the level of their electronic banking security technology. In this case, 97 individual wire transfers were made within a five-hour period, many to bank accounts in Russia and Estonia. The basis of the judges ruling was that the bank had failed to deal with its customer in “good faith”, saying, “A bank dealing fairly with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier.” You may read the judge’s entire opinion here.

Though the judge has yet to determine how much Comerica will have to pay, the case has raised eyebrows within the cyberlaw community because of its potential to set a very important precedent. If the ruling stands on appeal, banks will almost certainly act strongly to limit as much as possible their liability in such cases.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications between banks and their clients, and insure against losses from cybercrime of any kind.

Tags: , , ,
Posted in Banking Industry, Computer Crime | No Comments »


COURTS FAVORING BANKS IN CYBERCRIME LAWSUITS

June 8th, 2011

cyberjustice

In one of several closely watched cases around the country, a district court in Maine has received a recommendation from a magistrate that, if adopted, will make it more difficult for businesses who are victims of on-line banking cybercrime to sue their bank for having inadequate electronic security measures.

Patco Construction Co. of Sanford, Maine was hit by cyberthieves for $588,000 in fraudulent wire transfers after those thieves stole the company’s online banking credentials using a “Trojan horse” malware application. Ocean Bank successfully blocked or reversed over $243,000 of the fraudulent transfers, but Patco’s net loss was still over $345,000. The bank then took most of the remaining money in Patco’s account to cover the unmitigated fraudulent transfers.

Patco sued the bank for providing inadequate security measures for its on-line banking services, which allowed thieves to access Patco’s accounts using little more than a username and password.

The magistrate’s recommendation to the court, received on May 27, 2011, would deny Patco’s motion for a summary judgment in their favor. Such a ruling would give tacit approval to the notion that username/password security (also known in the industry as “two-factor security”) is legally adequate to protect banks from losses when their online banking systems are breached.

To learn more about the critical differences between two-factor and three-factor security, click here.

To learn more about the Patco vs. Ocean Bank case, click here.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications between banks and their clients, and insure against losses from cybercrime of any kind.

Tags: , , , ,
Posted in Banking Industry, Computer Crime | No Comments »


FBI GROUP ON CYBERCRIME: “WE’RE LOSING THE BATTLE”

September 29th, 2010

cyber-criminal

“The criminals are absolutely ripping us to shreds. We’re not even slowing them down. We’re losing the battle. That’s the reality of it.”

Strong words from Chris Mark of ProPay, spoken at a recent meeting of Infragard, and FBI program connecting businesses with federal and local crime agencies.

Business owners were told that the ” online harvesting” of credit card numbers and other transaction data is exploding in scale. Mark went on to say that organized criminal enterprises from foreign countries, mostly in Eastern Europe, have the resources to defeat nearly every cyber-protection businesses have put in place. This is true even for businesses who specialize in providing payment services to other businesses.

The cyber criminals are so confident of their ability to steal at will that they have even attempted to extort “protection money” from some payment processing companies, such as ProPay.

At the Infragard meeting, Special Agent Jim McTighe (who runs the FBI’s Salt Lake City office) was heard to say, “Frankly, I think my days of on-line banking are over.”

The need for InterComputer’s comprehensive, insured on-line transaction solutions is greater than ever and growing fast.

Tags: , ,
Posted in Banking Industry, Computer Crime | No Comments »


ELECTRONIC MEDICAL RECORD THEFT RISES

September 13th, 2010

EMR

A recent report jointly issued by the United States Secret Service and the Verizon Business RISK team states that cyber attacks on medical record systems increased substantially in 2009, and will probably continue to increase in the future.

Recent data from the Office for Civil Rights of the federal Health and Human Services Department shows that in 2010 to date, over 150 health care entities have reported EMR breaches affecting more that 4 million patients altogether.

The Secret Service/Verizon report lists a number of causes for hundreds of breach events, ranging from external hacking to social tactics to internal fraud and abuse. The number one cause of all data breaches? Stolen credentials. InterComputer’s core technologies, including patent-pending electronic identity and role/authority provisioning, eliminate the problem of stolen credentials.

InterComputer’s Secure EMR Exchange solution systematically eliminates those causes and delivers automated regulatory and legal protection for hospitals, doctors, and insurers. This solution is the only solution carrying underwritten insurance coverage in case of any system malfunction or cybercrime.

Tags: , ,
Posted in Computer Crime, Electronic Medical Records | No Comments »


E-BANDITS HIT CA ESCROW COMPANY FOR NEARLY HALF A MILLION DOLLARS

July 27th, 2010

in-escrow-sign3

Redondo Beach-based firm Village View Escrow was recently hit for $465,000 by thieves who hijacked the company’s bank account electronically.

The cyber-thieves sent a fraudulent e-mail to the owner and to her assistant. Both women opened the e-mail, which secretly released a password-stealing virus onto their respective computers. Armed with the banking login information for both women, the hackers deactivated the customary advisory service and used the requisite two login credentials to issue electronic instructions to the escrow company’s bank to wire out various amounts of money to various other accounts. In total, 26 wire transfers were ordered, all of which were executed because of the two (apparently) legitimate login credentials. No confirming advisory messages for each transfer were sent to the escrow company because the cyber-thieves had disabled that notification feature using the stolen login credentials.

Some 20 individuals around the world received the wired money and re-transmitted it to the cyber-thieves after withholding a portion as payment for their services. Such intermediaries are known in the business as “mules”, and are often clueless about the criminal nature of their involvement in the scheme.

Working frantically after the theft was discovered, the escrow company owner managed to get $70,000 of the fraudulent wire transfers reversed. That left a $395,000 shortfall which the bank will not reimburse. The escrow owner had to take a loan to cover the shortfall at 12%, and can not even draw a salary as she tries to put the company back on its feet.

Several of the features built into InterComputer’s Trusted Banking solution would have stopped the illicit use of legitimate banking credentials before any wire transfers could have been ordered by the cyber-thieves.

Tags: ,
Posted in Banking Industry, Computer Crime | No Comments »


THE OTHER SHOE DROPS: BRAZEN CYBER CRIMINALS ROB BANK

June 2nd, 2010

In most reported cyber crimes involving theft of funds, the victim is a small business or municipality. In a rare case, cyber thieves recently stole money directly from a credit union’s internal funds.

On May 20, Treasury Credit Union of Salt Lake City, Utah, became the victim of more than 70 unauthorized transfers from internal accounts. All the transfers were in amounts under $5000, but the total stolen was “in the low six figures”.

blogpic

The FBI is investigating the case, in which many of the transfers were actually executed by “money mules”, i.e., people recruited for that specific purpose. Some of the “mules” were apparently unwitting about the criminal nature of their activity. The “brains” behind this type of cyber crime are often located in Eastern Europe (in this case, Ukraine).

The key to the crime was the furtive planting of a “Trojan horse” program on the computer of one of the credit union’s employees. That malware program forwarded the employee’s on-line banking credentials (user name, password, etc.) to the criminals in the Ukraine, who used them in an orchestrated manner to steal as much money as possible before the crime was discovered and halted.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications in electronic banking and insure against losses from cyber crime of any kind.

Tags: , ,
Posted in Banking Industry, Computer Crime | No Comments »


NEW FEDERAL LAW EXPANDS HEALTH INFORMATION SECURITY REQUIREMENTS

April 29th, 2010

The American Recovery and Reinvestment Act of 2009 (ARRA) expands the privacy protections for health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

On April 17, 2010, the Department of Health and Human Services (HHS) released guidance on technologies and methodologies for securing legally protected health information (PHI), which takes effect immediately.

Until now, HIPAA’s privacy and security requirements applied only to health care providers, health insurance plans and health care clearinghouses. Now those requirements (and the penalties for non-compliance) also apply directly to third-party administrators and other vendors.

The act significantly increases civil penalties for violations. Maximum penalties are $10,000 per violation, with a cap of $250,000 for multiple violations during the calendar year. The penalties apply to all violations after the date of enactment. Health and Human Services will periodically audit covered entities and will investigate covered entities upon receiving a complaint.

Effective immediately, state attorneys general can bring civil actions in federal court against covered entities seeking injunctions against violations and can sue for damages on behalf of state residents.

InterComputer’s Trusted Health Information solution prevents the compromise of electronic identities and communications between health care providers, insurance companies, other vendors, and patients, and insure against losses and regulatory penalties from cybercrime of any kind.

medical_01

Tags: , , , ,
Posted in Computer Crime, Electronic Medical Records | No Comments »


CYBERTHIEVES HIT MISSOURI DENTAL PRACTICE FOR $200K

April 1st, 2010

steve-martin-dentist

Yes, this IS going to hurt a bit.

On March 22, cyberthieves penetrated a computer at the Smile Zone dental practice in Springfield, MO, and transferred over $200,000 from the practice’s bank account in 11 different transfers.

The investigation is ongoing, but it appears likely the thieves used an application of ZeuS, Zbot, or SpyEye crimeware to hijack the computer and instigate the wire transfers. “Money mules”, people who knowingly or unknowingly serve as relay stations for money transfers, were also involved in this crime.

Banks reliably deny any liability when their customers’ online banking credentials are stolen or compromised. Unlike consumers, who enjoy legal limitations on cybercrime losses, businesses can only try to reverse the illegal transfers and hope for the best. If the illegal transfers are not undone within the first 24 hours, the likelihood of recovering the stolen money falls dramatically.

In this particular case, the bank only required a user name and password to conduct online banking transactions. That information was, apparently, easily hijacked by the thieves, who then posed as the dental practice and wired the money out.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications between banks and their clients, and insure against losses from cybercrime of any kind.

Tags: ,
Posted in Banking Industry, Computer Crime | No Comments »


BANK SUES VICTIMIZED CUSTOMER OVER CYBERCRIME

March 29th, 2010

When cyberthieves stole more than $800,000 from the accounts of a machine equipment company in Texas, one might expect the victim to seek redress from their bank. To date, such compensation for electronic banking losses has been exceedingly rare as banks have carefully avoided setting such a precedent. A number of victims have sued their banks in an attempt to recover their losses, but in this case the bank has set a new precedent: it has preemptively sued the victim.

InterComputer’s Trusted Banking solution is designed to prevent cybercrimes such as this case.

For more on this story, click here.

Tags: , ,
Posted in Banking Industry, Computer Crime | No Comments »


ON-LINE BANKING SECURITY – HOW MANY FACTORS ARE ENOUGH?

March 3rd, 2010

On-line banking security is increasingly the subject of news reports of various types of cybercrime, usually involving electronic identity theft and the illegal transfer or diversion of funds from the victim’s bank account. As the problem grows in size, legal challenges are increasingly attempting to hold banks liable for losses from such crimes. Banks are, of course, very reluctant to accept such liabilities and are battling the problem with both legal and technological strategies.

Typically, banks are offering “two-factor authentication” as a de facto industry standard for on-line banking security. The following video, provided by ZD Net, clearly explains what two-factor security is and how it works:

The problem with two-factor security is that hackers have now discovered how to defeat it in real-time. The following article from the MIT Technology Review details an actual case where a construction company lost almost half a million dollars to such an attack:

http://www.technologyreview.com/computing/23488/?a=f

The authentication of a customer’s electronic identity and the correct application of the customer’s authority limits are the very reasons for on-line banking security. If either objective is not reached, the system has failed and the results can be disastrous.

InterComputer’s fully-insured InterOperating System (IOS) begins with a three-factor approach adding something the user is (a biometric measurement) in addition to something he knows and something he has. This approach, combined with many other design, architectural and procedural factors, combine to create an electronic “trusted path” and result in InterComputer’s IOS being the only underwritten electronic transaction system commercially available today.

To learn more about InterComputer’s Trusted Banking solution, click here.

Tags: , ,
Posted in Banking Industry, Computer Crime | No Comments »


« Older Entries