Posts Tagged ‘banking’

Law Week Colorado, April 20, 2015   LW-CannabisBanking

CannabisBanking.JPLW G


Read Full Post »

In Shames-Yeakel v. Citizens Financial Bank (U.S.D.C., Northern District of Illinois, Case No. 07-c-5387) the court held that a couple whose bank account was hacked over the Internet can sue their bank for its failure to implement state-of-the-art Internet security measures.  Marsha and Michael Shames-Yeakel of Crown Point, Ind. lost $26,000 from their home equity account to an on-line hacker who breached the bank’s security system and looted their account.   In what must be one of the worst customer-service decisions in recent memory, the bank tried to make the Shames-Yeakel’s pay the bank for the loss, and when they refused, the bank reported them as delinquent to the credit reporting bureaus and threatened to foreclose on their home.

Predictably, the Shames-Yeakel’s sued the bank for everything their lawyer could think of, including negligence for failing to maintain a reasonable on-line security system.   Although, the judge dismissed several of the other claims, she allowed the negligence claim against Citizens to stand.  Citizens’ security used only passwords and user names, the same as logging into an e-mail account.  This security method is known as “single-factor identification”, and the Federal Financial Institutions Examination Council had previously published a paper titled “Authentication in an Internet Banking Environment” which said that single-factor identification is not adequate on-line security for banking activities.  The Shames-Yeakel’s, relying in part on the FFIEC guidance, argued that Citizens should have utilized “multifactor identification” which checks against multiple data points to identify a user logging on to the service, and uses “token” technology which generates a new pass code for every log-in or identifies a user’s specific computer.

The Court held that “in light of Citizens’ apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect plaintiffs’ account against fraudulent access.”

Banks who have delayed updating their Internet banking security systems are now advised that they may well be liable for negligence if their customers’ accounts are compromised.

Read Full Post »