January 28, 2010 10:01 PM
What constitutes adequate security for a bank? PlainsCapital Bank in Lubbock, Texas says what it currently has is enough, and if after all that some crooks still manage to steal your money, it's not the bank's fault. The bank has preemptively sued a business customer, Hillary Machinery, to absolve itself from any liability on what it couldn't get back from the more than $800,000 that was stolen by foreign hackers last November.
PlainsCapital argues that it uses every reasonable security method to protect its customers' assets, and it points out that the attackers used valid login credentials. In fact, in the lawsuit the bank argues that it "accepted the wire transfer orders in good faith," shifting the responsibility entirely over to Hillary Machinery. But nobody seems to know how the attackers got the credentials, and I'd hope any bank I loan my money to would employ multiple security protocols in the event a particular wall is breached, as in this case. Things like, I don't know, looking for suspicious transaction patterns. Or noticing when a customer's newly authorized computer has an IP address located in Romania instead of Plano, TX.
That's basically what Hillary Machinery thinks, too. Troy Owen, a vice president at the company, says the transactions were different enough from the company's regular activity that they should have raised multiple red flags at the bank They all happened in rapid succession, the payments were being sent overseas to payees Hillary had never done business with, and some of them were for amounts much large than Hillary usually made.
The rest-
http://consumerist.com/2010/01/bank-sues-victim-to-avoid-replacing-200k-in-stolen-funds.html