RSS Alerts

Related Links

Related Stories

  • Suffolk County National Bank hacked
    Suffolk County National Bank received a nasty Christmas present on December 24th after discovering a hack that saw over 8,000 customers' accounts compromised. The breach is estimated to have cost $351 000, it warned investors.
  • The Challenge of Security by Compliance
    Information security has become an unavoidable issue for banking and other financial services organizations globally, and recently many of these organizations have turned to compliance, regulations and industry standards to secure their data and information infrastructure. John P. Pironti reports
  • Spearphishing emails target customers of ill-equipped banks.
    The FBI has slammed poor security in financial institutions, after identifying a drastic rise in money being stolen from small to medium-sized businesses via spearphishing emails, it said in an intelligence note early this week.
  • TV presenter “wrong” after bank account scam
    The star of the popular BBC America show Top Gear has had his bank account hacked after publicly revealing his details in a newspaper article.
  • PlainsCapital settles with former customer in cyber theft incident
    Texas-based PlainsCapital Bank has reached a settlement agreement with one of its former customers, Hillary Machinery, which had more than $800 000 stolen from its corporate account by cyber criminals.

News

PlainsCapital bank sues customer in liability over account security

28 January 2010

A legal case filed by a bank against a customer in the US promises to test the liability of customers in the event of security breaches. Dallas, Texas-based PlainsCapital bank is suing a business customer, Hillary Machinery, for not taking adequate measures to protect its banking details.

Hillary, a PlainsCapital customer since 2005, had $801 000 pilfered from its account via what it says was an unauthorized wire transfer in November. The company sent a letter to the bank in December arguing that it had failed to employ security measures, and that it should be responsible for the amount lost in the wire transfer.

PlainsCapital had recovered almost $600 000 of the transfers, and declined Hillary's demand for a refund.

"PlainsCapital is entitled to enforce the wire transfer orders to the extent monies transferred or not otherwise recoverable from the beneficiaries of the orders," said the bank in a court complaint. "It is entitled to a statutory judgment that its security procedures are commercially reasonable, that it is entitled to enforce the wire transfer orders and that it has not breached its obligations under the terms of either Commercial Account Agreement or the Wire Transfer Authorization Agreement," the bank said, also claiming legal costs.

Needless to say, Hillary took a different view. "Cyber robbers exploited vulnerabilities in PlainsCapital Bank's Internet banking system and initiated fraudulent wire transfers and automated clearing house transactions and transferred money from one of Hillary Machinery Inc's commercial business accounts to multiple financial institutions and individuals in the US and overseas," the company said.

Hillary cites the guidelines issued by the Federal Financial Institutions Examination Council, which in 2005 updated its 2001 guidance on internet banking security, advising financial institutions to deploy multifactor authentication.

"When the bank gets hit by a cyber robbery through one of its customers' accounts, they quickly transfer the blame to the customer and begin a strategy of plausible deniability, essentially hiding behind a fake interpretation of what the FFIEC actually recommended," Hillary concluded.

"It is evident that the loss incurred by Hillary Machinery, Inc, although regrettable, was not the result of a cyber attack on PlainsCapital Bank," countered the bank's president, Jerry Schaffner.

A spokesperson for the bank told Infosecurity that it did use multi-factor authentication for its online transactions.

 

This article is featured in:
Compliance and Policy Identity and Access Management Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water