funsec mailing list archives
Re: [privacy] A Look At The Pitfalls In Online Banking
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Fri, 25 May 2007 16:12:53 -0500
On 5/25/07, Fergie <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via NBC5.com (props, Flying Hamster). [snip] An Indiana woman says she has 26,500 reasons you should pay attention to what happened to her online bank account -- and don't let it happen to yours. "Nobody called me. Nobody ever questioned the transaction. And I only found out about it when I got my bank statement," Marci Shames-Yeakal told Target 5. The transaction she referred to was $26,500 transferred from Shames-Yeakal's line of credit into her business account, then wired to Hawaii.
Sounds like the bank does not have many controls in the wire area like call-backs or review-release.... People who do money movement like large wire transfers should bank with companies that do lots of wire every day. They will find many more controls and safeguards in place. Its all in how you manage your relationship with the bank. If you know you'd never wire 25K, make sure your wire limit is set much lower. Insist on other controls like PIN, callback, faxback.. all these things are there to help prevent that kind of fraud. "They found out that the wire was sent to a bank in Hawaii, to an account
in Hawaii, and then the next day, people went into that account and took the money and wired it out to Austria and it was gone," she said. Gone for good. Shames-Yeakal said she got that news in a letter from her bank, Citizens Financial Bank of Indiana and the south suburbs. Her Munster, Ind., branch told her that she had signed an agreement stating that the bank "will have no liability to you for any unauthorized payment of wire transfer using your password." The same letter stated that the bank's "security procedures were commercially reasonable." "The irony of all that is that they didn't do anything to protect us," Shames-Yeakal said. "They gave us a user ID and a password, and that's what they call their protection."
Perhaps she might be a fan of 2 factor auth now.... Parker said that the Indiana woman's story joins a growing number in which
banks appear to be taking a hard line, putting the onus on consumers to prove that they didn't cause a security breach that led to online theft.
The actions described seem a little strange, almost like an inside job, but who knows. Different banks do things differently. [snip]
More: http://www.nbc5.com/news/13382953/detail.html - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) wj8DBQFGV0y+q1pz9mNUZTMRAnP2AKDWO5PDgMAaZxNQKnG5iQlbexIgSACbBB/W OlaaCJfobjbHkDgdD+c5xkQ= =3YEh -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
_______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] A Look At The Pitfalls In Online Banking Fergie (May 25)
- Re: [privacy] A Look At The Pitfalls In Online Banking Dennis Henderson (May 25)