February 07, 2005

• I dunno, jim, if someone who isn't me uses my credit card number to buy stuff online (and it's happened), I'm not liable. Nor would I expect to be. Now, if the guy was doing his internet banking on a public library terminal ...
• I used to bank with BofA and if anything I think their security was a bit heavy-handed. I call bullshit too. One of my pet peeves with Bank of America was that annoying question on every login "Is your account serviced in Georgia?" Which I think had something to do with them not being able to buy out NationsBank in that state in the 1990s. I dropped my business account with BofA because of their incredibly multi-layered bureaucracy, replete with a corporate voicemail-from-hell that rivalled SBC's. Went with a local bank and have been super happy since.
• So what exactly happened here? The article doesn't give any details that make it clear whose fault it was. BofA said they didn't initialize the wire transfer, but did they ask for any verification of user identity? There had to be a password involved somewhere, right? If so, how did the crook get hold of it? And for some reason, I was more sympathetic to the claimant before I found out he has a printer ink company.
• Is this any different than the woman who sued MacDonald's because she spilled hot coffee on herself? At least this guy has a legitimate claim - he's out $90,000.
• Well, the coffee woman had to have a couple of reconstructive surgeries to repair the damage done by that coffee. It was hardly a case of saying "Ouch, now give me cash."
• Yeah, the McDonald's coffee woman had a claim. McD's used to keep their coffee right under the boiling point so they could use less coffee grounds and save a few cents per pot. /derail
• Banks provide customers with 'convenient' online banking in order to lower staff costs elsewhere in their system. If they can't provide a secure system, which includes protection against viruses which they knew about, then they're liable, IMHO, and the money they save from lower staffing should be able to cover instances like this.
• If you opt to use online banking (which was indeed optional when I was with BofA), you'd damn well better be aware of the risks that go with that, just as you'd better be aware of what happens when you make credit card purchases online. Anyone who doesn't keep a close eye on their computer's security when they use that computer to control their finances is a dumbass. You don't expect convenience like that without reprisal. Theoretically, this guy has only lost $20k, not $90k, because seventy of the total was frozen before the recipient could withdraw it, and presumably as long as the BofA file a criminal report, they can get that $70k back to the him. BofA are obligated to do their best to recover the money, especially since this is in the public eye now.
• The problem is, that banks are selling these services as 'just like face-to-face banking but more convenient,' and a lot of people believe them. The banks could say "we have this wonderful convenient service but make sure you run virus checkers if you want to avoid being ripped off," but that would just make people think the bank does not know what it's doing. Instead the banks imply the system is safe, and your normal mom'n'pop bank/computer users assume it is so.
• After reading the article, I read into the account that the trojan allowed someone to remotely use this guys computer to log into his online account (I could be wrong, but that's my intrepretation). And, if's he's browsing the web, he might use the built-in Auto-Complete function of IE which can remember user names and passwords for websites. Or he could have been using any number of password storage applications. Or, they could have added a keylogger. Or the guy uses "12345" as his password. From my perspective (again, from my interpretation), this guy should be liable because the requisite information was either available from his computer or his login credentials were easily guessed. Either way, if there was a legitimate login, BofA has no culpability in this. I'm not a fan of BofA either, but it doesn't sound like they did anything wrong.
• No experience with BofA, but if their web department is worth half their salt, they'll have disabled the autocomplete (or at least a part of it), so that a minimum of effort is required to get into the site. I know every banking creditcard website I have ever used has managed to disable this function, which at times is annoying, but worth it. I personally go with keylogger, or the guy keeps a word file called "passwords" in his MyDocuments folder.
• And from the article, it seems like the victim will have to go after the Latvian bank to the the other $70K. I think BofA is taking the tack that they would be admitting wrongdoing if they deal with the other bank.
• Broken: Bank of America jailing a customer
• Sounds like a tidy civil suit. Morans.
• Here's my problem, though. The site says that someone is keeping track of the amount of money Bank of America has lost from customers withdrawing their money in protest over this incident. Surely, this was not corporate policy, but rather some dumb teller and her dumb supervisor taking matters into their own hands. Isn't it more accurate to say "Bank of America teller (or branch) jails customer"? I don't think the edict to have all customers that bring in suspect checks jailed came from the top. I could be wrong, but I don't see pulling money out. /rant
• Well, assuming that (a) it's a true story and (b) that BOA is sticking to it then (c) BOA is supporting the action fully and should be taken to task, i.e. lose customers. I'd like to see it go mainstream, but for some reason banks never seem to get bad press. Huh.
• Actually, if you read the linked article inside the "this is broken" article, the guy has nothing to complain about; he suspected something was wrong, but instead of asking if the check was fraudulent, he asked the teller if there were sufficient funds, and then told them to cash it. BofA did everything they were lawfully supposed to do. The guy is either stupid, in which case ignorance of the law is no protection, or he's lying and pretending innocence. If he was innocent, he would have reported the suspicious check to BofA, not asked them to cash it.
• he asked the teller if there were sufficient funds, and then told them to cash it But . . if there weren't sufficient funds . . I mean, . . . If he suspected something was wrong, and then asked if there was sufficient funds . . is that not the same as asking if the check is fraudulent? If the teller had informed him there weren't sufficient funds and the customer told them to cash it anyway, isn't that the same as holding up the bank? *phones authorities about a possible fraudulent sign-language speaking ape*
• If he suspected something was wrong, and then asked if there was sufficient funds . . is that not the same as asking if the check is fraudulent? No ... it's being dishonest. Asking if there's sufficient funds is the sneaky way of finding out if he can have this money, which he knows he's not entitled to. He should have told them he suspected the check's authenticity, and could they verify it.
• If it's a BOA check in the first place (as posted by boingboing), then what - other than average "that's kinda weird" suspicion makes it dishonest? It was their check in the first place - are there enough funds or not? Are you saying he's in on the scam? Obviously I'm not revealing the enormity of my understanding about this particulary sort of grifting.
• The fact that it was for way more money than $600 he was expecting was enough to raise suspicion in him: Shinnick said [...] he was made suspicious by the unexpectedly large payment. "That was kind of a red flag because it's a lot of money," he said. "I didn't want to deposit it into my account because I didn't want it to bounce." Also the fact that it was drawn on the guy's company's account (for a pair of mountain bikes? Hello?) should have set off alarms. Anyway, like I said, maybe the guy's just dumb, but the whole thing smacks of him trying to take advantage of the situation, and then whining about the inevitable outcome. Granted, the manager could have tried to find out if he was intentionally trying to pass a bad check, but the bank probably has very strict rules about such things, especially since "a warning had been placed in BofA's computer system to watch for fraudulent checks drawn on the account in question". He was probably required to phone the police immediately. At any rate, regardless of his intent, he has no legal recourse against the Bank, because they were only doing what was required by law.
• Double trouble for ID theft victim
• This woman should have spent five minutes doing some research, as should the author of the article. All electronic debits, whether done with a debit card, atm card, or by ACH (electronic debit direct to a checking account), are governed by Federal Regulation E. The bank had an obligation to log her claim the minute she made it, and to have funds returned to her account within 10 business days. And although they could insist she file it in writing as well, she didn't have to use their form. She's not liable for these charges, and the article's claim that "zero responsibility" credit card charges are easier to dispute is not true. If the bank did all she said they did, they were breaking federal banking regulations. Since most banks live with the specter of Reg E over their heads constantly, it's hard to believe an organization as large as Bank of America would be ignorant of it. Does anyone believe she's the first victim of fraud Bank of America has ever dealt with? They handle hundreds of cases like hers a day. And they screwed this one up so badly? Also, what kind of idiot leaves her account open for criminals to keep draining, gets a loan, keeps watching the negative balance grow, and waits SIX WEEKS before demanding someone at the bank close it NOW? There are lots of consumer protections out there for all of us, but they're no good if we're victims of our own stupidity.
• I was thinking as I read the article, "why doesn't she open a second checking account and move things over? So the theif doesn't know that number?" It just seemed that there was maybe too much fuss. And that's my $0.02. Minus posting fees. And the non-preview option. Which brings us to -$0.05. *hits Lara up for a nickel*
• It seems to me that she was pretty proactive in the whole thing. She was on the phone with B of A the minute she found something was wrong. Having had checking accounts with B of A before, I'm pretty sure what they told her: just deposit money to cover the charges, and we'll fix this. They tried to do that to me once, when they had charged me an outrageous amount in fees that weren't even legit. I called, and called, and called trying to get them to understand it was B of A's problem, not mine. What I was told every time was "just pay the charges, then we'll figure it out". Yeah, I don't think so. Depositing money into a compromised checking account, though, is NOT smart. I don't care what the bank rep says - it's not their ass and money on the line.