The document discusses several legal issues related to digital banking. It begins by explaining how digital banking allows for funds transfers between accounts but also introduces vulnerabilities like hacking. Next, it provides an example of a cyber theft from the SWIFT banking network that resulted in over $1 billion stolen. The document then discusses potential fraud in digital payments, providing an example where a customer's payment vanished during an online purchase. Finally, it discusses relevant laws around digital banking transactions and payments, including Article 4A of the Uniform Commercial Code.
1. TECH CYBER CRIME: Homegrown menace
Contents
1. Regional trouble
Listen
As Latin Americans take to online banking, Brazil is scoring
records for the wrong reasons.
The number of internet users in Latin America has doubled in
less than a decade, according to the World Bank. Close to 60%
of Brazilians used the internet last year, up from less than 30%
in 2006. But as more people log on, they open their personal
information to new vulnerabilities.
Last year, cybercrime cost the world economy $445 billion,
according to figures from PwC. "The more people recognize
money is digital, the more criminality will migrate there," says
Tom Kellerman, chief cybersecurity officer at Trend Micro, a
software security company.
With 34% of Latin America's population, Brazil has also
become LatAm's stomping ground for cybercriminals. The
country ranks in the top three launching pads for cyberattacks
and at least 75% of Brazilians say they have been victims of
cybercrime, according to PwC.
Russia and China have long been home to the originators of
cybercrime, but that is changing, says Kellerman. Increasingly,
hackers are using home-grown programs. "The Brazilian
underground used to be some of the biggest buyers of malware
from Eastern Europe, but now they are producing their own," he
says.
Financial institutions, energy companies and governments are
the top targets for cybercrime in Latin America, says
Kellerman, adding that the prevalence and severity of
cyberattacks in the region "is dramatically getting worse".
Last year, RSA Research Group uncovered a new malware
attacking Brazil's Boletos, a type of payment slip. RSA found
that more than 30 Brazilian banks had been targeted.
2. Cybercriminals obtained user login information and used their
bank accounts to issue Boletos, which can be printed out or
used online.
When a customer gives the slip to a merchant or other person,
the bank transfers money from the customer's account.
Cybercriminals intercepted the Boletos and redirected the
payments to their own accounts. RSA estimated losses to be
8.57 billion reais ($2.2 billion at today's exchange rate).
For the first time, Hewlett Packard and the Ponemon Institute
included Brazil in its annual Cost of Cyber Crime Study,
published in October. The survey deals with expenses related to
theft, lost business and business responses allocated to fight
cybercrime. Cybercrime hit US businesses the hardest, costing
companies with more than 1,000 employees $15 million each
per year on average, the report found.
Brazil ranked fifth, with the 27 companies with over 1,000
employees surveyed reporting average losses of $3.85 million
from cyberattacks.
Financial service providers had the most significant losses. The
most costly crimes are denial of services attacks, which aim to
render a company's service unusable to its clients.
Regional trouble
Although Brazilian financial institutions have taken the brunt of
cyberattacks in Latin America, hackers are also hitting other
Latin America countries, namely Mexico and Colombia.
From 2000 to 2014, Mexico's internet-using demographic grew
from 5 million to more than 50 million, almost half the
population of the country, according to PwC data. Meanwhile,
cyberattacks grew by 40% in 2014 alone, costing the country
roughly $3 billion.
The issue is prompting state-level action. The Mexican
government has agreed to adhere to online security protocols
outlined in the Budapest Convention and has created a special
public agency, the National Center for Cyber Incident Response,
to lead its cyber defense. Colombia, where cybercrime cost an
estimated $464 million last year, has also taken steps to combat
3. cyberattacks, including creating a dedicated government agency
to address the issue.
Looking ahead, banks, companies and governments will likely
have to ramp up their security operations to guard against a new
wave of cyberattacks. Spending on cybersecurity in Latin
America will more than double from $5.29 billion in 2014 to
$11.91 billion in 2019, MicroMarket Monitor forecasts.
Banks and companies need to invest at least 20% percent of
their IT budget to guard against cybercrime, Kellerman advises.
Also, they have to prepare for more sophisticated types of
attacks.
The defense should focus on next generational cybersecurity.
"For example virtual patching and mobile security," he says.
"They also need to test their systems for vulnerabilities before
they are exploited."
Banking Technology
~~~~~~~~
By Patrick Ferguson
Rise in Digital Banking Heightens Fraud Risk, Bankers Say
Listen
Technology
Online and mobile banking have forever transformed the way
people bank, but the digital evolution has a dark side: it is
increasingly creating new opportunities for fraudsters to hack
into accounts.
Text messaging and email are increasingly becoming vehicles
for phishing scams in which fraudsters send phony messages to
bank customers and fool them into providing login credentials
or account information. Mobile check deposit is touted for its
convenience, but it has also created opportunities for "double-
dipping" in which thieves scan images of checks into one
account and cash the physical checks elsewhere.
"In the banking industry, we compete on how easy it is for new
customers to find us and make deposits with us, to switch from
4. their previous financial institution to our bank," points out
Aaron Glover, senior analyst for fraud risk management at
SunTrust Banks in Atlanta. "By making it easier for our
customer, we may be inadvertently making it easier for
fraudsters."
Of course, fear of fraud has been a concern since the dawn of
Internet banking, but these fears have escalated as technology
has advanced and consumers have grown more comfortable
accessing their accounts and communicating with their banks
through multiple channels.
Meanwhile, thwarting attacks is an ongoing challenge.
Fraudsters have become more sophisticated and more
knowledgeable about banks' practices -- for instance, they know
when and how they call customers to verify fund transfers --
and banks, whose technology budgets are stretched thin,
sometimes struggle to put up adequate defenses.
Still, some banks are coming up with some creative approaches
to security, developing programs in which they are setting traps
for criminals and hiring people with nontraditional skill sets to
be fraud analysts.
Others are more focused on educating customers on how to
detect scams and to be more vigilant about protecting their
information.
James Gordon, the chief technology officer at the $1.2 billion-
asset Needham Bank in Massachusetts, says he wants to develop
a code of ethics that would spell out all the ways the bank
would or would not communicate with customers. For instance,
he says the bank would never ask for a customer's Social
Security number via text message or email, so if customers were
to receive messages asking for such information they would
know instantly that it's a phishing attempt. Gordon envisions
distributing this code as an in-branch brochure that would be
handed out to new customers, or as a statement stuffer.
"The multitude of channels offered -- text message, phone call,
email, voice call -- is a confusing point for customers," says
Gordon. "They don't know exactly how you might reach them
5. next and they're unprepared for what the channel or the tone
will be," making it harder to discern fake messages from real
ones.
Online account opening is one point of vulnerability. Here the
customer does not have to go into a branch but opens a deposit
relationship with a bank straight from its website. Much of the
information a bank would use to verify a customer is in
databases such as LexisNexis's repository of legal and public
records-related information.
Atlanta, Ga.-based LexisNexis was breached last year by an
identity theft service that sells Social Security numbers, birth
records, and other sensitive information on U.S. citizens.
Anybody who was able to grab or buy this stolen data could
potentially open an account using someone else's identity.
Mobile check deposit is another point of potential weakness
fraudsters are more actively testing. In one recent case of
double dipping, a man in Louisville, Ky., man apparently used
mobile remote deposit capture and a Bank of America account
to deposit 32 Western Union money orders, then took those
money orders to a Kroger grocery store and got cash for them.
There's also been a rash of fraudulent online wire transfers
lately, with criminals using call forwarding to make sure that
when the bank calls the customer to verify a transfer, the call
actually goes to the criminals themselves or their associates.
"Phone number forwarding has been a huge challenge for our
bank and others because it's outside of our control," Glover
says.
In March, a Bank of Montreal customer shared with the
Huffington Post his story of being a victim of wire transfer
fraud and losing $87,500 of inheritance money.
The customer, Bruce Taylor, a Canadian engineering consultant
who lives and works in Texas, was in a Houston hospital having
open heart surgery while his account was being drained. He had
inherited money that was held in BMO term deposits, then
automatically deposited in a Canadian savings account when the
investments matured.
6. In August, someone emailed Taylor's BMO investment adviser,
using Taylor's email address, saying he needed the money wired
to his cousin immediately. (The email and follow-up faxes
contained spelling and grammatical errors.) The bank asked for
a phone number to verify the transfer -- and got a phony one.
After the confirmation call, a BMO employee approved and sent
two wire transfers, for $47,500 and $40,000, four days apart.
In cases of wire transfer fraud where call forwarding is used,
"We only find out a few days later, after the client reports they
haven't been receiving phone calls in the last couple of days,
that they've had an account takeover and have been exposed to
check fraud," Glover says, adding that it's the bank that eats the
loss.
One regional bank has made an interesting counterintelligence
move against wire transfer fraud with a program called Honey
Banker. The bank sets up a trap -- or a honeypot -- by listing
the names and email addresses of fake bankers on its website --
names no real customers would be given. When people call
those pseudo-bankers and ask for a wire transfer, the bank
knows that it's an attempted fraud.
Another solution many bank security officials have been
discussing of late is better information sharing, both among
different departments in a bank (such as wire transfer and anti-
money laundering compliance) and among banks and nonbanks,
including Internet service providers and telecommunications
companies. Analytics performed across multiple data silos can
turn up suspicious patterns of behavior that would not be
detectable in one data source alone.
A third line of defense is sturdier authentication methods, such
as taking a blueprint of the customer's voice, iris, fingerprint or
palm print, and requiring them to match what's on file every
time they log in. Many banks, including Wells Fargo and ING
Direct Canada, are experimenting with such biometric security.
A fourth measure is hiring fraud analysts with the right set of
skills to find emerging threats. Traditionally the thinking has
been that fraud analysts ought to have fraud experience, but
7. that's not necessarily true, according to Glover. SunTrust, for
example, has hired a website developer who was versed in
hadoop and Big Data, as well as security. Although he also did
not have a fraud background, he has helped the bank build a
new data architecture for bringing information together from
different sources for fraud detection.
You can teach fraud, but you need to hire people who are
curious, who have a natural facility with data, and who
understand what they're doing," Glover says.
~~~~~~~~
DIGITAL BANKING: LEGAL ISSUES
2
Digital Banking: Legal Issues
[11/04/2018]
Running head: DIGITAL BANKING: LEGAL ISSUES
1
Digital Banking: Legal Issues
Digital banking, with the internet being the medium, has
revolutionized the world of banking. Strozniak (2017) mentions
that the working of the digital system is well only when the
default options set in the system are designed to help the buyer
of the (any) product. Digital banking service provides the basic
information (stored in the cloud database of the bank) related to
8. account specifically the balances and the statements. In digital
banking service, customers in the present time are using this
service for the transfer of funds between accounts in an
interbank transfer or even in the intra-bank transfer systems.
With the development of internet banking, digital banking is not
available on the smartphones of every individual. However, like
every other technology, this technology holds both pros and
cons for users. Digital banking after its utilization came up with
some legal issues. These legal issues were identified when
people had to face the consequences of digital banking. Some of
the common legal issues associated with digital banking along
with the real-life examples and their remedies will be discussed.
Digital Bank Transactions and Example of Swift Financial
Network
Banks are legally liable for the digital bank transactions that are
carried out within the banking system. The digital banking
system can go wrong due to a number of reasons. Hacking and
cyber theft are some of the common issues encountered.
Everyone has known the hacking of credit and debit cards since
the development of internet. With the increase in the use of
digital banking, a more authorized system is required that keeps
a check and balance on the entire working of every customer
account since in case of loss of networking data by any of the
bank it is the customers that suffers the most.. Hence these
charging for e-banking and gathering the information of the
users are some things which make the banks liable for all such
hacking conditions. Here the basic question arises if the
customers will be getting their lost money due to any kind of
hacking done on the networking system of the bank.
In the article The "Foundation" of Risk: Does a Banking Client
Get Its Money Back after Cyber Theft? By Klees (Klees, 2016)
the writer has mentioned the incidence encountered in the Swift
banking system. A cyber-theft was reported of more than $1
billion. However, it was the luck of the company that the
government organization did not lose so much of the amount as
one of the observant workers noticed some changes in the
9. network and stopped the network at that time.
The story of the hack observed in the Swift banking system
came front of everyone. Thieves entered the Swift banking
system and hacked the networking system resulting in the loss
of both the bank and their corporate clients. No evidence of
fraud was present in this case. Despite this entire situation
encountered in the Swift bank case, this cannot be denied that
hacking attacks is one of the biggest realities in the world of
digitalization. For the process of recovery of the corporate
clients who have been trusting the banks from the beginning, a
law exists which has been summarized by the article given by
the Kleen (2016). This area of law as mentioned by Kleen is
relatively new and has evolved with the progressed of
technology. In this banking case, a mutual security system can
be divided by the consent between the bank and the client so
that both parties hold equal responsibility for the loss
encountered.
Article 4A of the Uniform Commercial Code (Adopted first
in1989) mention related to the balance between the rights and
obligations that exists between the banks and their corporate
clients (law refers to them as customers) due to ‘payment
orders' whether oral, electronic transfer, or written (Deahl,
2018). According to Article 4A initially, all the liability of the
loss was on the bank unless the security of the bank was
commercially acceptable and the bank accepted payment orders
with complete security procedure (Deahl, 2018).
Digital banking payments and the fraud in them:
A customer buys from an online shop and proceeds with the
payment processes by using the facility of E-wallet. An email
has been received connected with the E-wallet that the
transaction has been successfully made but the online retailer
mentions that no payment has been received. This sounds to be
the moment of astonishing for the person. The money just
vanished somewhere in cyberspace and the consumer is left with
no option virtually.
Introducing fraud schemes is becoming common. One of the
10. cases that have been encountered related to fraud scheme is
mentioned by Spencer (2017).
In the eye doctor case, Spencer (2017) mentions that the eye
doctor from Florida had been imprisoned because of being
involved in a $100 million Medicare fraud. What has been
traumatizing here is the use of such a noble profession to earn
money in an illegal way. Patients gave a mixed opinion about
the doctor as the doctor was found to make some patients
recover while some patients were left blind forever. The number
of fraud done by the doctor, in this case, was nearly 67
including all the healthcare issues caused to the patients and the
wrong record keeping of payment and patients in their
concerned files.
In this case, after going through the process of the trial the
doctor has been convicted as a result of the proven fraud done
by the doctor with the number of clients. Similarly in case of
the digital banking frauds section 43 of the Information
technology (Spencer, 2017) act (This covers the data protection)
related to all such frauds and the remedies associated with it.
Once the flaw is found in the banking transaction cyberspace,
the bank holds liable in case of the data being unprotected due
to the banking system. State Supreme courts mention the
contractual agreement between the customers and the bank once
they agree to the utilization of the online banking system.
However, in this scenario, the digital banking systems
associated with certain banks need to come up with higher
security remedies for keeping the trust of their clients.
Challenge of Global technology implementation and the use of
Artificial intelligence:
Some of the banks currently are lacking the level of
infrastructure that is required for the process of digital banking.
Keeping the level of digital banking adequate is one of the basic
issues that lead the security risks among the customers. The
customers in return stop trusting the banks. In case some issue
is found the banks suffer legally along with the monetary loss.
Strozniak (2017) in his article, ‘Fraud Case Unsolved 3 Yrs.
11. Later. Credit Union Times’ mentions about the issue of frauds
and the legal correspondence to this issue has been mentioned.
The article highlights that ‘Data Breaches’ are bad for the
companies and the overall working of the banks since other than
losing their customers they undergo through the process of
monetary loss as well.
After the issue of data, breaching was found by the retailers and
the credit unions, both the parties agreed to the fact that data
breaching is turning into a nightmare and that Congress needs to
come up with some legislation for this. The government, along
with the assistance of FBI, started to figure out the reason
behind the data breaching. While assessing the case of Parsons
Pittsburg case mentioned in the article, the government at first
came up with the fact that there are insufficient resources in the
case, which has led to the possibility of this case. However,
insufficient resources by the banking institutes or the financial
holders have been researchers by the technological researchers
and one recommendation has been found.
Conclusion
Digital banking is the technology of the present time. Digital
banking system empowered the entire process of transaction,
however, like all technologies this technology has its dark side,
which has gone through some legal procedures. Three main
legal issues in digital banking include the data breaching idea,
transaction issues, and global technology implementation. Laws
have been generated against all these issues, however, digital
banking system needs to fight the idea of data breaching and
fraud schemes initially to maintain the reputation of a bank
overall.
References
Deahl, R. (2018). Reverberations continue in Donadio
embezzlement scandal. Publishers Weekly, 265(33), 4–5.
Retrieved from
12. http://search.ebscohost.com.proxyhv.lib.montana.edu/login.aspx
?direct=true&db=bth&AN=131194574&site=ehost-live
Klees, E. H. (2016). The “fandation” of risk: Does a banking
client get its money back after cyber theft? Business Law
Today, 1–6. Retrieved from
http://search.ebscohost.com.proxyhv.lib.montana.edu/login.aspx
?direct=true&db=bth&AN=117411628&site=ehost-live
Spencer, T. (2017). Eye doctor tied to Bob Menendez case
Convicted in $100 million fraud scheme. Time.Com, 1.
Retrieved from
http://search.ebscohost.com.proxyhv.lib.montana.edu/login.aspx
?direct=true&db=bth&AN=126591628&site=ehost-live
Strozniak, P. (2017). Fraud case unsolved 3 yrs. later. Credit
Union Times, 28(3), 1–19. Retrieved from
http://search.ebscohost.com.proxyhv.lib.montana.edu/login.aspx
?direct=true&db=bth&AN=121374246&site=ehost-live
Business Law Paper
Now that you have been exposed to some concepts and topics
related to Business Law, you will write a paper on a topic
within "business law" that interests you.
For this paper, you must research and read a minimum of 6
articles from the Library Database. Integrate information from
all 6 articles into your paper. Find articles that expand the
topic (e.g., not simply repeating what is presented in the
textbook). Limit your search to full-text articles. Limit the
13. Publication Type to a Periodical or Trade Publication. Limit
the data of Publication from 2014 to 2018.
Paper Requirements:
You must use Full-Text Articles from a Periodical or Trade
Publication, published in 2014 to 2018: 40%. Your paper must
include a “Works Cited” page.
Present solid content, including paragraphs.
Convey your message using appropriate grammar, punctuation,
and spelling.
In-text citations are required. When you paraphrase information
from an article, you must use in-text citations, APA Style.
When you use a direct quote from an article, you must use in-
text citations, APA Style.
Paper Content: Exploration of the Topic. You must integrate
information from all 6 articles into your paper: 30%
Quality of Writing (e.g., grammar, punctuation, sentence
structure, etc). 30%
Use of Full-Text Articles from a Periodical or Trade
Publication, published in 2014 to 2018: 40%.
Deadline: Submit your paper in Brightspace, Activities
(Dropbox), by 10:00 pm on Sunday, November 2.