Friday, September 25, 2009

Is state-of-the-art security going to become a new legal standard?

In another recent case, a US District judge allowed a couple to bring a case against a bank. The couple alleged that the bank failed to implement state-of-the-art security technology, which resulted in their becoming victims of online bank account fraud of about $26,000. The judge refused to dismiss the case, clearing the way for the court case to take place. The judge stated: “In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.”

I'm sure this would apply for failure to implement PCI DSS requirements, but what about not using TDES after 7/1/10, or not implementing end-to-end encryption after several top retailers implement it?

http://www.securecomputing.net.au/News/156418,us-court-rules-that-bank-failed-to-protect-customer-against-fraud.aspx
