Friday, January 19, 2007

A Swedish-Trojan tale

According to the Beeb

"Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customers' accounts after obtaining login details using a malicious program that claimed to be anti-spam software.
Nordea said it had now refunded the lost money to all 250 customers affected by the scam.

"What is important is that none of our customers will have lost their money," said a bank spokesman."

Really? At a conference last Tuesday organised very helpfully by ISPA, the UK ISP Association, to discuss the upcoming HL Inquiry into Personal Internet Security, the view was informally expressed that the banks are not really hurting on this one yet. If and when they do, we'll suddenly start to see a trend for these kinds of losses to be absorbed by the customers. One wonders how the bank offsets its losses - what do its own insurance policies cover? Or is it just using up profits?

It is generally believed on the high street that any misuse of money in consumer bank accounts is the responsibility of the bank. In fact the real law is much less clear - especially in cases like phishing, where the customer is arguably the one in breach of duty of care. Cases like this one, where Trojans are implanted as key loggers or other forms of spyware, are a middle ground, being (again arguably) the fault of neither customer nor bank; and misuse of credit cards, as in ID theft, falls clearly (after the latest clarification as to use overseas) into the consumer credit protection guarantees of the EC, i.e. the responsibility of the card issuer.

I've yet to see a really clear piece of work in the UK dealing with these issues and not sponsored by an obviously involved party, e.g. a bank or a law firm who wants bank work. It might be a good PhD for someone, since we appear to be in PhD application season..:-) Better than doing electronic signatures AGAIN for sure!

2 comments:

Ian Brown said...

Did you see:

Bohm,N., Brown,I., Gladman,B. (2000). Electronic commerce: who carries the risk of fraud? Journal of Information, Law and Technology

Could do with updating to cover phishing :)
