Business Swindled Online - Who is to Blame?
- If Genlabs had software protection (that did not spot the infection) should they be held responsible? Would it matter if their software was up-to-date?
- Should the anti-virus/malware software company be responsible if their tool was unable to detect the infection, but a competing software tool could (hypothetical)?
- Should the bank be held responsible since their online security had been compromised?
It's an interesting discussion topic, and I invite you all to express your thoughts.
Comments
-
You are assuming though that everyone followed "standard security procedures." In most incidents however, that simply isn't the case. In fact, there are studies that show that businesses, small ones in particular, rarely have adequate protection. A bank may not want to refund a business if they haven't taken the right steps. And your example of insurance - an insurer may not want to refund a car owner if the owner was negligent. In other words, the insurer will push back on reimbursement if the car door is left open with the keys in the ignition...
-
[...] of the rash of business online banking fraud that has hit the market (see my blog entries on this here and here). I asked the panel if their financial institution had contacted them recently to make [...]
You can't really hold the Bank responsible if security was compromised at Genlabs. That would be like blaming the locksmith if someone stole your house keys out of your pocket on the subway. Sure, you could force banks to beef up their security and add extra layers of authentication, but in the end, thieves will always find a way to steal things. That's what thieves do, and they'll always be there.
I keep my car locked, in a private parking garage, with an alarm and an engine kill switch. Does that mean someone can't steal my car? Do I need to do anything more to absolve myself of responsibility should my car be stolen? I don't think so. I have insurance, which I pay for, to protect me in the event of theft. That's what companies like Genlabs should have to protect their bank accounts (and any other financial assets) from identity theft. The more security they implement, the cheaper the insurance should be, giving incentive to both companies like Genlabs and their banks to beef up their security. There shouldn't be any fault assigned if everybody followed standard security procedures, as no company (not Genlabs, the security software provider, nor the bank) can ever guarantee zero capability of theft.