Re: Bank Of America - sign on process - how is this secure?

From: Barry Margolin (barmar@genuity.net)
Date: 11/27/02 

From: Barry Margolin <barmar@genuity.net>
Date: Wed, 27 Nov 2002 18:32:40 GMT

In article <3DE4FF4C.8000009@telia.com>,
Henrick Hellström <henrick@streamsec.se> wrote:
>Barry Margolin wrote:
>> If your identity is stolen as a result of this, I expect you'd have a hard
>> time proving that it was done during a transaction with this bank. So even
>> if they were liable, they could probably avoid a significant judgement
>> against them.
>
>Not necessarily. I suppose you and the bank would have an equal burden
>of proof; at least that would be the case in most jurisdictions I know
>of. It would be sufficient that there is no evidence that your password
>got stolen any other way (e.g. the contested withdrawal was made from
>the same IP you had logged in from five minutes earlier, etc).

Identity theft can happen in many different ways. I'm not a lawyer, but it
seems to me that if you accuse the bank of facilitating it, the burden
would be on you to show that it occurred as a direct result of their poor
security, not just that it *could* have.

Anyway, this seems academic to me. Just because someone else is liable is
no reason to let your guard down. If you have the Walk light at an
intersection, it's still prudent to look both ways before crossing; sure,
if someone hits you they (or their insurance company) will have to pay the
medical expenses and face criminal charges, but I'd rather not be in the
hospital in the first place. 

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Relevant Pages

  • Analysis - Democrats SHAME Luv Gov Spitzer; How Investigators Detect Suspicious Behavior
    ... Eliot Spitzer's downfall began with a series of suspicious bank transactions, the kind of thing investigators look for from terrorists or gangsters looking to launder money. ... Lawyers and financial regulators said there are a number of ways investigators can detect suspicious behavior from someone conducting transactions with their bank. ... Banks file two forms that help investigators detect suspicious activity: currency transaction reports, which recount any transaction larger than $10,000 in cash, and suspicious activity reports, which speaks for itself. ...
    (alt.politics)
  • Re: Great SWT Program
    ... credit card numbers as a payment key. ... with trusted software at your end the transaction you were signing ... The bank will only debit you by the ... payer's account info and serial number blank; ...
    (comp.lang.java.programmer)
  • Re: Gas Company Rip-Off by "Holding Funds"
    ... merchants are very slow to close their batches - some small ones only ... That's true but none of Gar's issue has anything to with a credit card. ... You put the nozzle back up, cancel the transaction ... say that I go over my bank statements character by character but I do pay ...
    (rec.outdoors.rv-travel)
  • Re: Whats Next? A "Bank Run"????
    ... WaMu is largest U.S. bank failure ... its banking assets were sold to JPMorgan Chase & Co for $1.9 billion. ... littered with toxic mortgage debt. ... The transaction gives JPMorgan roughly 5,400 branches, and fulfills ...
    (alt.gathering.rainbow)
  • RE: Portents of VMS death
    ... > transaction to the IBM mainframe in the toronto head office. ... when using Bank A card at Bank ... > Tandem is what routes the transaction over). ...
    (comp.os.vms)