Petition To Congress On E-Banking Security

Authentify to ask security pros to get politically active to protect America's SMBs

February 24, 2010

February 22, 2010 - Chicago, Illinois - In November 2009, when executives of Texas-based Hillary Machinery Company discovered $800,000 missing from their online bank account, they went looking for answers. What happened next is surprising. Their bank, Lubbock, Texas-based PlainsCapital Bank, was able to recover some $571,000 of the missing funds, but when Hillary pressed them to make good on the missing $229,000, PlainsCapital Bank filed a pre-emptive lawsuit asking the court to declare the bank's security measures "commercially reasonable" and shield them from further recovery efforts by Hillary. The case has yet to be decided but could have serious ramifications for banks, businesses and the information security industry.

At next week's 2010 RSA Security Conference, Authentify, Inc. will be asking our nation's top security professionals to get politically active to protect America's small and medium-sized businesses (SMBs) from financial ruin at the hands of foreign cyber-criminals. According to an Intelligence Note published November 3, 2009 by the Internet Crime Complaint Center (IC3), cyber-thieves have been attacking the bank accounts of SMBs like Hillary Machinery at an accelerated rate in the past 12 months. Authentify believes this issue is of special concern to our country's security elite. Authentify will ask all RSA 2010 attendees who believe it is not "commercially reasonable" for banks to allow money entrusted to their care to be stolen, to stand up for their beliefs by coming to Booth #732 on the exhibit floor and signing our petition to the Congress. The goal is to force the financial services industry to get serious about their authentication and fraud control procedures or make good on customer losses when those procedures fail.

In response to the proliferation of more-sophisticated malware tools such as Zbot, Clampi, and ZeuS, the FFIEC, FDIC, FRB, FTC, FBI, FSLIC, and SPIC issued special alerts to financial institutions, including FDIC FIL-66-2005, titled "Guidance on Mitigating Risk from Spyware." This document included the following instruction: "Investigate the implementation of multi-factor authentication methods, which would limit the ability of identity thieves to compromise customer accounts, even when a thief has a customer's ID, password and account numbers."

"It's an admonition that many banks seem to have ignored," said Jim Woodhill, Authentify's founder and chairman. "Right now, no organization that banks online is safe. The time for 'investigating' how to protect your customers is over. RSA Conference attendees might not realize that our lawmakers have little awareness of the extent of these attacks, much less that there are lawsuits active in federal courts from coast to coast against banks that have failed to protect or reimburse their clients. Authentify believes it's time for 'We The People' of America's security community to make our voice heard. We ask all RSA 2010 attendees to join us by visiting Booth #732 on the Expo floor and signing our petition to demand action."

Authentify's petition reads:

"We, the undersigned, demand that all banks who want the cost savings that accrue to them from having commercial organizations transact over the Internet bear all the fraud costs associated with online access. Federal Reserve Regulation E protections must be extended to cover all commercial accounts that are accessible online."

This petition will be used to urge Congress to write into law what the esteemed Bruce Schneier has previously suggested in his September 23, 2009, Schneier on Security blog post, Eliminating Externalities in Financial Security.

Authentify will hand-deliver the signed and e-signed petitions to the offices of the chairmen and ranking members of the relevant committees in both the U.S. House of Representatives and the U.S. Senate. Subsets of signatures by state and congressional district will also be compiled and delivered to the corresponding senators and representatives for those states and districts.

For those who would like to back up their petition signature with a personal message to the Congress, Authentify will also have sample letters to their congressperson on this issue available in its booth or its web site, along with links to learn to whom in the House and Senate such personal communication should be addressed. Readers can sign an online version of our petition beginning March 1st at
