Re: can't get to the hackers? sue the banks instead.

[phester <funsec () armorfirewall com>]

On Sun, 23 Aug 2009, The Security Community wrote:

> Didn't the press used to call it "credit card fraud" before "teh
> Internets" came along?  Calling it "identity theft" seems to shift the
> focus to the victim instead of the merchants and banks, where it
> belongs.
>
> In fact, as I recall "bank phishing" exploded at the same time
> CitiBank started those cutesy ID theft commercials (like
> http://www.youtube.com/watch?v=KERwnA8VfFM), which was roughly
> mid-2004.  It was the perfect opportunity at the time.  That ad
> campaign set people up to expect "warnings" and "alerts" from their
> banks and they fell for it en masse.
>
> It was a small step from phishing to pharming and the whole criminal
> credit card fraud industry exploded after that.
>
> Why not sue the bastards?

Exactly. It should be called "Criminally Negligent Systems 
Administration."

The banks voided their claim of protecting customer privacy when their 
negligence compromised the privacy of several millions of their customers.

One good suit can shift the burden and costs of "identity theft" back 
where it belongs, on those who failed to keep the information secure.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.