-
The United States Court of Appeals has confirmed BancorpSouth's lack of liability in an online banking fraud case, and even granted that the bank may seek to recover attorneys' fees from the victim.
June 16 -
A small legal case in Southern Maine could spell big trouble for banks, particularly since it suggests that even strong electronic security doesn't necessarily build a shield large enough to keep either crooks or plaintiffs away.
July 9 -
Commercial banks with large corporate clients have no room for error in guarding against attacks. Any crack in a bank's security can make it look like it has no security at all.
September 30 -
A Missouri court has found that a bank provided the right security to prevent wire transfer fraud, and the customer who declined to use it must eat the loss.
April 5
Financial institutions were handed a victory last week when the United States Court of Appeals for the Eighth Circuit
At first blush, this case appears to be the decisive win banks need to defend themselves against future lawsuits. The ruling firmly states that commercial customers actually do share risk for electronic wire fraud losses. But upon closer inspection, the triumph may not be as solid as it appears.
The unquestionably good news is that the case relieves banks from bearing the sole onus to secure online banking and affirms that customers are required to play a significant role as well. Since hackers can target customers computers as well as banks servers, customers must actively participate in fraud mitigation in order to prevent cybercrime.
Freshly armed with this new legal precedent, banks can tell their customers that resisting additional security measures could make them liable for electronic fraud losses. The court
However, banks must be mindful of how they offer additional security to customers. There appears to be a firm distinction between whether the security options are opt-in or opt-out. Before Bancorp South allowed Choice Escrow to decline the use of Dual Control, a security procedure in which one authorized user initiates a transaction and a second authenticates it, the bank required its customer to opt-out by signing a memo stating that it had been made aware of the threats to online banking, was declining the use of a security control which would mitigate those risks, and in doing so was assuming liability for any fraudulent transfers. BancorpSouths best practice stands in stark contrast to the
Banks are also likely jumping for joy because of the courts ruling that financial institutions do not have to implement a system that manually reviews every transaction to be commercially reasonable. However, this comes with a big caveat, as the fraud occurred prior to the release of Federal Financial Institutions Examination Council
This case firmly demonstrates that banks following industry best practices to deter fraud can successfully shift liability of fraudulent losses to the customer. But in order to do so, banks must properly educate their customers about the risks of online banking and carefully document all of its efforts and communications. As with customers that choose apathy over security, banks that fail to do the extra work will find themselves cutting six-figure checks when corporate account takeover occurs.
Ryan Elmer is the national director of eBankSafe by Total Networx, a fraud-deterrence line designed to mitigate the risk of corporate account takeover and electronic wire fraud.