One Michigan judge recently decided in favor of Comerica Bank customers, holding the bank responsible for approximately $560,000 out of a total of nearly $2 million in unrecovered losses. A copy of the bench decision is available from Pierce Atwood LLP, and the firm also outlines significant highlights and observations regarding this case.
Clearly, the bank’s client, Experi-Metal, made some serious errors, but in the end, the bank paid the price. The court’s decision acknowledges that a vice president of Experi-Metal made the initial mistake of clicking on a link within a phishing email, which appeared to have been sent by Comerica but was in fact sent by a scammer. He then responded to a request for his Comerica account data, despite Comerica’s regular warnings about phishing scams and advice to never provide account information in response to an email. In doing so, the customer offered the scammer immediate online access to his company’s Comerica bank accounts. Naturally, the scammer began transferring money out of the accounts.
I’ll spare you the legalese and get to the nitty-gritty.
“The Court considered several factors as relevant to whether Comerica acted in good faith, including:
- The volume and frequency of the payment orders and the book transfers that enabled the fraudster to fund those orders;
- The $5 million overdraft created by those book transfers in what is regularly a zero balance account;
- Experi-Metal’s limited prior wire activity;
- The destinations (Russia and Estonia) and beneficiaries of the funds; and
- Comerica’s knowledge of prior and current phishing attempts.
It was the Court’s inclination to find that a bank dealing fairly with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier. Furthermore, the Court found that Comerica “fails to present evidence from which this Court could find otherwise.”
This case means that Comerica and, by extension, all banks must adhere more closely to the FFIEC’s recently released supplement to its earlier guidelines on authentication in an Internet banking environment by adding multiple layers of security.
In this case, the computer or other device the scammer used to access Comerica’s website could surely have been traced overseas and flagged for: hiding behind a proxy, device anomalies such as a time zone and browser language mismatch, past history of online scams and identity theft, and the list goes on.
Financial institutions could protect users and themselves by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, called ReputationManager 360, which is used by leading financial institutions to help mitigate these types of risk in their online channel.
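To make the layered approach concrete, here is an added example (not code from the court record, the FFIEC, or any vendor) that combines the transaction factors the court listed with the device anomalies described above into a single hold decision. The class names, field names, thresholds, and sample values are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Profile:                    # hypothetical per-customer baseline
    wires_per_day: int            # typical daily wire count (prior activity)
    usual_countries: frozenset    # beneficiary countries seen before
    zero_balance: bool            # account normally swept to zero
    tz_offset_min: int            # UTC offset of the customer's known devices
    language: str                 # browser language of known devices

@dataclass
class Session:                    # hypothetical device data captured at login
    via_proxy: bool
    tz_offset_min: int
    language: str
    prior_fraud: bool             # device reputation: linked to earlier fraud

def review_wires(profile, session, wires, projected_balance):
    """wires: list of (amount, beneficiary_country). Returns (hold, reasons)."""
    reasons = []
    # Transaction signals, following the factors the court listed.
    if len(wires) > 3 * max(profile.wires_per_day, 1):   # assumed threshold
        reasons.append("volume")
    if profile.zero_balance and projected_balance < 0:
        reasons.append("overdraft")
    new = sorted({c for _, c in wires} - profile.usual_countries)
    if new:
        reasons.append("new_destination:" + ",".join(new))
    # Device signals named in the article.
    if session.via_proxy:
        reasons.append("proxy")
    if (session.tz_offset_min != profile.tz_offset_min
            and session.language != profile.language):
        reasons.append("tz_language_mismatch")
    if session.prior_fraud:
        reasons.append("device_reputation")
    # Assumed policy: two independent signals hold the batch for call-back.
    return len(reasons) >= 2, reasons

# Constructed sample data (not from the case record).
BASELINE = Profile(1, frozenset({"US"}), True, -300, "en-US")
SUSPECT = Session(True, 180, "ru-RU", False)
SUSPECT_WIRES = [(50_000, "RU")] * 6 + [(40_000, "EE")] * 4
ROUTINE = Session(False, -300, "en-US", False)

if __name__ == "__main__":
    print(review_wires(BASELINE, SUSPECT, SUSPECT_WIRES, -5_000_000))
    print(review_wires(BASELINE, ROUTINE, [(12_000, "US")], 0))
```

Requiring two signals before a hold keeps a single benign anomaly, such as a customer on a corporate proxy, from blocking routine payments.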
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.