March 2, 2010
Associate Alysa Hutnik was quoted in a BankInfoSecurity article titled “Trust on Trial: The 5 Lessons Learned from the Comerica Bank Lawsuit.” The article discusses the data security lawsuit between Comerica Bank and its customer, Experi-Metal Inc. (EMI), and outlines lessons that can be drawn from this case. In the lawsuit, EMI claims that the bank exposed its clients to phishing attacks.
Alysa recommends that customers be armed and educated. They should remain diligent about protecting their own accounts and contact the financial institution to confirm processes. “This case also demonstrates that no single security method is a panacea,” Alysa observes. Security tokens are not inherently secure, and digital certificates come with their own set of security challenges. The lawsuit re-emphasizes the need to educate customers not only on the benefits of online banking, but also on the importance of protecting access to these accounts.
Alysa also notes that the type of phishing spoof that occurred in the Comerica case will likely continue to happen – until banks and their customers wake up to it and it no longer succeeds. "The costs of running this type of a scam are so low that if anyone falls for it, the fraudster has made a profit," Alysa says. "And when the fraudster can hit a $550,000 jackpot while operating nearly anonymously from almost any place in the world, there's every reason to believe that the fraudster will continue to do the same thing until he or she is caught or no one falls for it."