
Contract clauses that waive a bank's standard of due care for online security should not be enforceable. All sorts of other clauses are declared unenforceable all the time. This clearly should be one of them. It is practically the whole charter of a bank to protect funds from unauthorized access. If your contract waives that responsibility, you shouldn't be allowed to have the word "Bank" in your name.


I agree with you completely - I would give you +1000 if I could.

The part I find the funniest is that the judge actually agreed that the bank's security was lax, yet still dismissed because Patco was in violation of the agreements.

I wonder how many new business customers Ocean Bank has signed up since this suit went public? The good old free market is (hopefully) doing its thing.


But is there anything to suggest that other banks in a similar business space are any different?


After having gone through the entire thread, I wish I had your patience.


Let's assume for a second that this wasn't a hacker, but a malicious employee. In your world is the bank still liable for this?


No, because even using countermeasures that meet or exceed industry best practices, a malicious employee could be expected to gain access to the account. Unlike this case, the internal fraud would be entirely outside the bank's control.



