Security Fix - Brian Krebs
"The lawsuit is the latest to challenge whether banks are doing enough to help customers prevent losses when a virus infection, phishing attack or hacker break-in jeopardizes a company's online banking credentials, said David Johnson, a digital media lawyer with the Los Angeles law firm Jeffer Mangels Butler & Marmaro LLP.
Johnson said that under the Uniform Commercial Code, banks generally are required to maintain "commercially reasonable" methods of providing security against unauthorized payment orders." But he said just what constitutes "commercially reasonable" security practices has only recently been challenged, citing a recent court case in Illinois expected to go to trial soon in which a couple is suing their bank over $26,500 lost when cyber thieves stole the user name and password needed to access their home equity line of credit."
"The banks cannot let this situation go on or people will start to lose confidence in them." Johnson said. "If people start thinking they can lose real money when they deposit their money into the bank...that becomes a real business issue. If they're going to survive, the banks are going to have to crack down on this type of fraud and stop it, and I think they know this."