Company Sues Bank Over Security Practices That Resulted in Theft

By Kara Reeder | Feb 16, 2010 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/company-sues-bank-over-security-practices-resulted-theft
Experi-Metal Inc. is suing its bank, Comerica Bank, after cyber criminals stole $560,000 from the company's account via a series of unauthorized wire transfers last year, reports Computerworld. According to the lawsuit, EMI is blaming the loss on Comerica Bank's security practices. The company also believes bank failed to heed signs that should have alerted it to the fraudulent activity.

The theft occurred after a phishing scam tricked an EMI employee into supplying the crooks with the company's online banking credentials. EMI says the only reason the phishing scam worked was because Comerica routinely sends e-mails to customers asking them to click on a link to update their security information. The company also blames the digital certificates that Comerica uses to authenticate users:

Comerica knew or should have known that the technology of the two-factor authentication procedure which it instituted in 2008 was known to be lacking in any reasonable fortification against 'man in the middle' phishing attacks.

In a similar story, the town of Poughkeepsie, N.Y., is slamming its bank, TD Bank NA, for failing to notice or stop numerous unauthorized transfers.