
Court allows suit against bank for poor online security

08 September 2009  |  12380 views  |  1 comment

A US couple who had thousands of dollars stolen from their online account have been given the go-ahead by a court to sue their bank for failing to provide adequate security.

In 2007 Marsha and Michael Shames-Yeakel fell victim to an ID thief who gained access to their Citizens Financial Bank online account and stole $26,500 from a home equity credit line.

The money was transferred, via a bank in Hawaii, to a financial institution in Austria. The Austrian bank refused to return the funds, prompting Citizens to inform the couple that they would be liable for the loss.

The Shames-Yeakels refused to pay, leading the bank to report their account as delinquent to the national credit bureaus and threaten to foreclose on their residence.

In response, the couple sued the bank on several grounds, claiming violations of the Electronic Funds Transfer Act and the Fair Credit Reporting Act, in the northern district of Illinois.

They also accused the bank of negligence under state law for failing to adequately protect their online accounts. The plaintiffs claim that by requiring only user names and passwords to authenticate customers at login, Citizens failed to maintain state-of-the-art security standards.

At the time of the theft, the bank was actually rolling out one-time-password generating tokens to provide two-factor authentication, but the couple say it was too slow on the uptake.

The Shames-Yeakels cite a 2005 document entitled "Authentication in an Internet Banking Environment" from the Federal Financial Institutions Examination Council (FFIEC), which says single-factor authentication is inadequate and calls on banks to implement two-factor systems.

Citizens says its security measures were not the cause of the theft and says fintech vendor Fiserv, which it contracts for online banking services, including information security, has a strong reputation.

Now, however, US District Judge Rebecca Pallmeyer has denied Citizens' request to dismiss the negligence claim, concluding: "In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access."

The judge also states: "If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."

Legal blogger David Johnson, who first reported the case, warns that "state and federal legislatures and regulators, as well as courts around the country, are increasingly unwilling to let businesses slack off from the cyber-security arms race".

Comments: (1)

A Finextra member | 08 September, 2009, 16:24

It's about time! More power to consumers!
