Construction company, bank, settle dispute over $345,000 cyber heist
Both had sought to hold the other responsible for theft
Computerworld - A Maine construction company that sued its bank after losing $345,000 in an online banking heist has settled its dispute after a protracted legal battle that raised questions about the bank's responsibility in protecting customer accounts against cyber fraud.
The settlement between Patco Construction and People's United Bank (formerly Ocean Bank) comes about four months after the U.S. Court of Appeals for the First Circuit faulted the bank's security measures at the time of the theft and advised the two sides to work out a compromise.
Bankinfosecurity.com, which was the first to report the settlement, quoted Patco's co-owner Mark Patterson as saying that the bank has agreed to reimburse the company's losses from the theft. No other details of the settlement were released.
Court records show that the two sides agreed to dismiss the case on Nov. 19. Neither Patterson nor People's United responded to requests for comment on the settlement.
Patco, a family-owned construction company in Sanford, Maine, sued Ocean Bank in 2009 after online crooks believed to be operating in Europe siphoned close to $590,000 in a series of unauthorized Automated Clearing House (ACH) transfers.
About $243,000 was later recovered after the fraud was detected. Patco sued Ocean Bank for the remaining money claiming that the theft was the result of the bank's failure to implement reasonable security measures as defined under the Uniform Commercial Code (UCC).
The lawsuit charged Ocean Bank with negligence and breach of contract for failing to detect and stop the unauthorized ACH transfers even though they were clearly fraudulent. Patco claimed in its lawsuit that the bank should have noticed that the fraudulent transfers were for much higher amounts than the company's usual transactions and were being sent to an unfamiliar overseas bank account.
Patco also faulted Ocean Bank for not implementing stronger authentication mechanisms, such as token-based authentication and out-of-band verification, which many banks were using at the time.
Ocean Bank, for its part, blamed Patco for the loss. The bank said the thieves were able to steal the money only because Patco had allowed them to gain access to the username and password the company used to log in to its commercial banking account.
Ocean Bank insisted that it had processed the ACH requests in good faith after it had verified that the proper IDs, passwords and answers to challenge response questions were being used to conduct the transactions.
In a ruling in May 2011, a Maine Magistrate sided with Ocean Bank and recommended that the U.S. District Court in Maine grant the bank's motions for a summary dismissal of Patco's complaints.
- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
Pilot fish accepts a contract to be the local hands-on tech to install a workstation at a local bank, and initially everything seems to go according to plan. He has everything he needs -- in fact, more than he needs.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Harness IT -- An Introduction to Business Intelligence Solutions
- Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Business Intelligence Shows its Smarts
- Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used...
- Proactive Planning for Big Data
- Big data is less about the terabytes and more about the query tools and business intelligence needed to make sense of massive amounts...
- Inquiry Spotlight: Consumer-Facing Identity
- The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety.
- IDC Security Infographic
- From the Era Before security to this current era of empowerment this infographic from Blue coat provides a timeline navigates the rise of... All Financial IT White Papers
- Becoming An Analytics Driven Organization
- Join us on Tuesday, June 18, 2013, 11:00 AM EDT and learn how your agency can create an analytics culture that will enable...
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity. All Financial IT Webcasts