funsec mailing list archives

Re: [privacy] A Look At The Pitfalls In Online Banking


From: "Dennis Henderson" <hendomatic () gmail com>
Date: Fri, 25 May 2007 16:12:53 -0500

On 5/25/07, Fergie <fergdawg () netzero net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via NBC5.com (props, Flying Hamster).

[snip]

An Indiana woman says she has 26,500 reasons you should pay attention to
what happened to her online bank account -- and don't let it happen to
yours.

"Nobody called me. Nobody ever questioned the transaction. And I only
found out about it when I got my bank statement," Marci Shames-Yeakal told
Target 5.

The transaction she referred to was $26,500 transferred from
Shames-Yeakal's line of credit into her business account, then wired to
Hawaii.



Sounds like the bank does not have many controls in the wire area like
call-backs or review-release....

People who do money movement like large wire transfers should bank with
companies that do lots of wire every day. They will find many more controls
and safeguards in place. It's all in how you manage your relationship with
the bank. If you know you'd never wire 25K, make sure your wire limit is set
much lower. Insist on other controls like PIN, callback, faxback... all these
things are there to help prevent that kind of fraud.





"They found out that the wire was sent to a bank in Hawaii, to an account
in Hawaii, and then the next day, people went into that account and took
the money and wired it out to Austria and it was gone," she said.

Gone for good.

Shames-Yeakal said she got that news in a letter from her bank, Citizens
Financial Bank of Indiana and the south suburbs. Her Munster, Ind., branch
told her that she had signed an agreement stating that the bank "will have
no liability to you for any unauthorized payment of wire transfer using
your password."

The same letter stated that the bank's "security procedures were
commercially reasonable."

"The irony of all that is that they didn't do anything to protect us,"
Shames-Yeakal said. "They gave us a user ID and a password, and that's
what they call their protection."



Perhaps she might be a fan of 2 factor auth now....




Parker said that the Indiana woman's story joins a growing number in which
banks appear to be taking a hard line, putting the onus on consumers to
prove that they didn't cause a security breach that led to online theft.




The actions described seem a little strange, almost like an inside job, but
who knows. Different banks do things differently.




[snip]

More:
http://www.nbc5.com/news/13382953/detail.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGV0y+q1pz9mNUZTMRAnP2AKDWO5PDgMAaZxNQKnG5iQlbexIgSACbBB/W
OlaaCJfobjbHkDgdD+c5xkQ=
=3YEh
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy

