Up until now, banks have covered this sort of loss, as a cost of doing business. Now, that cost has hit a pain threshold.
A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer’s online account isn’t responsible for the lost money, saying the customer should have done more to protect the account credentials.
Patco Construction Company, a family-owned business in Sanford Maine, sued Ocean Bank, which is owned by People’s United Bank, after discovering in May 2009 that hackers were siphoning about $100,000 per day from its online bank account. The hackers had sent a malicious email to employees that allowed them to surreptitiously install the Zeus password-stealing trojan on an employee computer.
From customer's perspective, there's simply no way that the typical customer can protect themselves from this sort of attack. Zeus was perhaps the biggest trojan targeting online banking. Millions of computers got infected. If the established legal doctrine is "you're responsible for protecting yourself" then you can sum online banking up in two words:
I expect that this is far from being over, but this is seriously bad juju. Anyone who does online banking should think twice.