US Court rules a bank can be sued for its failure to adopt multi-factor authentication

Late last month an Illinois District Court ruled that a bank can be sued for its failure to adopt multi-factor authentication. It concluded that the bank breached its duty to protect the plaintiffs' account against fraudulent access and that, if the bank's failure to adopt multi-factor authentication caused fraudulent access to the plaintiffs' account, it could be held liable for negligence.

In 2007, a hacker gained access to the plaintiffs' online accounts by using the plaintiffs’ username and password. The hacker ordered a $26,500 advance on the plaintiffs’ home equity line of credit, which was transferred to a bank in Austria. When the theft was discovered and the funds traced, the Austrian bank refused to return the money.

Citizens Bank notified the plaintiffs that it intended to hold them liable for the harm. The online banking agreement between Citizens and the plaintiffs stated, "We will have no liability to you for any unauthorized payment or transfer made using your password that occurs before you have notified us of possible unauthorized use and we have had a reasonable opportunity to act on that notice." Citizens billed the plaintiffs for the $26,500, and when they failed to pay the balance on time, Citizens reported the account as delinquent to credit bureaus and threatened to foreclose on their home if the plaintiffs continued to refuse to make payments.

The plaintiffs sued Citizens, claiming that the bank's actions violated the Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.), the Truth in Lending Act (15 U.S.C. § 1601, et seq.) and the Electronic Funds Transfer Act (15 U.S.C. § 1693, et seq.), and constituted common law negligence.

The Court ruled, "In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access[,]" and if the bank's failure to adopt multi-factor authentication caused fraudulent access to plaintiffs' account, it could be held liable for negligence.


10 Dumbest mistakes network managers make

Culled from a Verizon Business analysis of 90 major security breaches:

  1. Not changing default passwords on all network devices
  2. Sharing a password across multiple network devices (and departments)
  3. Failing to find SQL coding errors
  4. Misconfiguring your access control lists
  5. Allowing non-secure remote access and management software
  6. Failing to test non-critical applications for basic vulnerabilities
  7. Not adequately protecting servers from malware
  8. Failing to configure your routers to prohibit unwanted outbound traffic
  9. Not knowing where credit card or other critical customer data is stored
  10. Not following the Payment Card Industry (PCI) Data Security standards

W3C examines the next generation of speech technology

[nik's note:]

The W3C on Tuesday said the next generation of VoiceXML will include specifications for speaker verification.

"Speaker verification and identification is not only the best biometric for securing telephone transactions and communications, it can work seamlessly with speech recognition and speech synthesis in VoiceXML deployments," Ken Rehor, newly elected chairman of the VoiceXML Forum, said in a statement.
The W3C has now completed its desired requirements for VoiceXML 3.0 and expects to have a working draft of the specifications by the end of the first quarter, said James Larson, co-chair of the W3C Voice Browser Working Group.
In addition to the speaker identification requirements for VoiceXML 3.0, the W3C addressed the issue of extending its Speech Synthesis Markup Language (SSML) functionality to certain languages including Mandarin, Japanese and Korean.


Biometric security to drive $7.3 billion in five years

A new study by ABI Research concludes that biometric-security applications will account for $7.3 billion of spending in 2013, up from about $3 billion this year. Fingerprint recognition will continue to be the dominant form of biometric identification, but face, iris, hand and speech recognition will also play roles. Importantly, the biometric vendor community will benefit as facility operators realize the value of combining multiple types of biometrics for increased security.