Business Swindled Online - Who is to Blame?

Celent will help qualify your requirements and introduce you to the vendor
Spotted a missing vendor? Use this form to alert a vendor to the Celent service
Create a vendor selection project & run comparison reports
Register to access this feature
Click to express your interest in this report
Indication of coverage against your requirements
Vendor requires PRO subscription to activate this feature
Requires research subscription, contact Celent for more info
21 October 2009
Jacob Jegher
I recently blogged about why Businesses Require Better Protection Online. The writeup was based on a warning from the FDIC that was aimed at businesses who bank online. Last week, a firm called Genlabs Corp. had $437,000 fly out of their account. Username, password, and token were compromised as fraudsters gained access to the account. Yesterday evening, Brian Krebs from the Washington Post blogged about the story and provided some additional updates. Turns out a Genlabs computer became infected with a trojan horse that, "allowed the attackers to re-write the bank's login screen as displayed on the employee's computer, so that the credentials were intercepted before they could be sent on to the bank's actual Web site." A forensics expert who examined the computer determined that standard Windows-based scanning tools were unable to detect the infection. This raises some interesting questions about who is responsible for this mishap. The fraudsters are obviously the criminals, but catching them and recovering the funds is another story. In the meantime, who is responsible for the loss of funds?
  • If Genlabs had software protection (that did not spot the infection) should they be held responsible? Would it matter if their software was up-to-date?
  • Should the anti-virus/malware software company be responsible if their tool was unable to detect the infection, but a competing software tool could (hypothetical)?
  • Should the bank be held responsible since their online security had been compromised?



It's an interesting discussion topic, and I invite you all to express your thoughts.

Insight details

Sector
Content Type
Blogs
Location
Asia-Pacific, EMEA, LATAM, North America