Cybercrime Keeps Banking Fraud Attorneys Busy

Daily Journal - California's Largest Legal News Provider
http://www.dailyjournal.com/subscriber/submain.cfm?Multipl...
Classifieds/Jobs/Office Space : Experts/Services : MCLE : Search : Logout
MONDAY
TUESDAY
WEDNESDAY
Previous
THURSDAY
Next
Questions and Comments
TODAY
Bookmark Reprints
NEWS
RULINGS
VERDICTS
Friday, March 20, 2015
This is the property of the Daily Journal Corporation and fully protected by copyright. It is made available only to Daily Journal subscribers for
personal or collaborative purposes and may not be distributed, reproduced, modified, stored or transferred without written permission. Please click
“Reprint” to order presentation-ready copies to distribute to clients or use in commercial marketing materials or for permission to post on a website.
Cybercrime keeps banking fraud
attorneys busy
BByy JJoosshhuuaa SSeebboolldd
The increasing rate of cybercrime
aimed at banks is creating an uptick in
business for attorneys who advise
financial institutions on their online
fraud prevention programs. The issue
has been driven home by the
inordinately high rate of fraud among
Apple Pay transactions.
Independent consultants have pegged
instances of fraud at around 6 to 7
Associated Press Apple Inc. CEO Tim Cook discusses the
percent of all payments made through
new Apple Pay product during an event at the company’s
the system, a massive number compared Cupertino headquarters in October.
to the fraud rate for traditional credit
card transactions, which is significantly less than 1 percent.
But observers say the problem isn't on Apple Inc.'s end; it has largely been caused by
inadequate security protocols at the banks themselves, leaving financial institutions
scrambling for advice on how to update their policies and train employees on fraud
prevention.
These fraudulent transactions almost inevitably involve credit card numbers stolen
from consumers through hacking attacks on commercial retailers, not Apple itself.
This is good news for Apple but very bad news for the banks, because federal
regulations dictate that they must cover the costs of fraudulent transactions
perpetrated on their consumer customers. Businesses that suffer fraud caused by
hacking attacks are on their own.
Despite Apple's limited role in the uptick in fraud, the rocky rollout of its new
payment program also has third-party vendors calling their attorneys, who warn that
inadequate security measures in financial services apps can create major liabilities for
the technology companies and the banks who partner with them.
Roughly 150 banks have signed on for Apple Pay to date, including Citibank NA and
Bank of America NA.
"There's all kinds of increasing regulation where the government has said 'part of
your job is to monitor your vendors very carefully and find out if they're holding up
their obligations to protect security,'" said Paul M. Schwartz, co-director of the Berkeley
Center for Law & Technology and a special adviser to Paul Hastings LLP.
The Consumer Financial Protection Bureau announced in 2012 that it would start
holding banks responsible for security lapses among their vendors, such as the creators
of payment apps and other third party tools financial institutions offer to customers.
Attorneys said it took some time for that regulatory scheme to flesh itself out, but
they see strong similarities to how the Health Insurance Portability and Accountability
Act has been applied to vendors serving the healthcare industry, under the designation
of a "business associate."
1 of 3
Litigation
Clients praised Ellen Pao, but a male senior
partner testified she was 'pushy'
Despite glowing reviews from her clients, Ellen Pao
was viewed as an overly competitive employee by
male senior partners at venture capital firm
Kleiner Perkins Caufield & Byers.
Bar Associations
State Bar committee will consider cutting
bar exam to 2 days
After mulling for years over whether to cut a day
from the state's bar exam, the California State
Bar's Committee of Bar Examiners plans to vote on
the proposal Friday in San Mateo.
Solo and Small Firms
Close-Knit Creed
The attorneys of Los Angeles-based corporate firm
Credo LLP - the name of which is Latin for we
believe - seek to create a flexible, collaborative firm
in the emerging growth and M&A space.
California Supreme Court
State Supreme Court to rehear appeal in
murder case based on new law
State lawmakers spoke last fall and the state
Supreme Court listened Wednesday as the justices
voted to rehear the murder appeal of a man
convicted on forensic evidence, later recanted,
linking him to a bite mark on the victim.
Government
Judges return with bill to limit peremptory
challenges
After a bill to limit peremptory challenges died in
committee last year, the California Judges
Association has introduced similar legislation,
arguing excess challenges waste time. Defense
attorneys vow to fight the legislation.
Entertainment & Sports
9th Circuit sends back Talent Agency Act
for ruling on standing, jurisdiction
The 9th U.S. Circuit Court of Appeals on Thursday
revived a constitutional challenge of the state's
Talent Agencies Act, saying a lower court ruled in
the wrong order in a case much watched by
entertainment lawyers.
Corporate
Matheson Trucking names new chief legal
officer
The Sacramento trucking company announced
Thursday the appointment of Charles J. Mellor as
senior vice president and chief legal officer.
Law Practice
Paul Hastings poaches McDermott IP
rainmakers
Paul Hastings LLP is poaching rainmaking patent
3/20/15 3:59 PM
Daily Journal - California's Largest Legal News Provider
http://www.dailyjournal.com/subscriber/submain.cfm?Multipl...
That change in HIPAA enforcement left health care providers and their vendors
scrambling for legal advice, and attorneys say financial services startups are now in a
similar position.
Erin F. Fonte, the head of Cox Smith Matthews Inc.'s privacy, cybersecurity and
digital commerce practice groups, said the Bitcoin phenomenon and ongoing
announcements from major technology companies getting involved in financial services
have lured a bevy of startup entrepreneurs into a highly regulated space many of them
know very little about.
While companies like Facebook Inc. - which announced this week it will be adding
payment transfers as a new function in its Messenger app - can dedicate entire legal
teams to new services, the buzz around these technologies is drawing in a variety of new
entrants that have nowhere near the resources needed to ensure they avoid regulatory
backlash.
Not only are startups ill-prepared to offer financial services, many banks haven't
adequately prepared their staff to be aware of the new risks either.
Observers say the problems with Apple Pay have largely been caused by bank
employees becoming excited or distracted by the novelty of offering the new product
and ignoring some of the protocols they would normally follow when assisting
customers.
Fraudsters steal a user's personal identifying information, along with a credit card
number, and use it to talk their way into getting a bank employee to attach the stolen
card to their Apple Pay account, at which point they can buy goods at a physical store
and disappear long before the fraud is discovered.
If the victim is a consumer and not a commercial banking client, the financial
institution has to foot the bill for the fraudulent charges.
Fonte predicts banks will shift to relying more on "out-of-wallet" questions. These
are the "secret questions" some websites prompt users to enter, such as "which of these
five streets have you not lived on?" These questions are much more secure than other
login information because the answers can't be easily stolen.
"It's supposed to be something that's in the person's brain and someone can't get it
by stealing your wallet or hacking into your email," she said.
Fonte added that larger banks are starting to experiment more with biometric logins,
using technology like Apple's fingerprint scanner on the newer versions of the iPhone.
"I have one financial institution [client] that's going to use your heartbeat," she said.
Larger banks have also been increasing their internal ranks, adding legal and
compliance positions to help structure fraud prevention programs and train employees.
But those options are far beyond the means of smaller regional banks, which don't
want to miss out on the opportunity to offer their customers hot new financial
technologies, but can't afford to take such elaborate security steps.
Steven Casselberry, a partner at Michelman & Robinson LLP, said small banks are
finally getting the message that they need to address cybercrime risks, but the current
solutions aren't very palatable.
Regulators such as the CFPB and the Federal Deposit Insurance Corporation have
encouraged smaller banks to share more information about cyber breaches, to help
make up for their lack of resources.
Financial institutions have been extremely reticent to pursue that strategy though, as
regulators haven't assured them that they can do so without violating rules about
sharing customer's information or risking class action lawsuits.
"From a privacy standpoint you simply don't share account information," Casselberry
said. "The FDIC is going to have to come out with some guidelines and safe harbors to
convince the banks this is something they want to do."
litigators Yar R. Chaikovsky and Blair M. Jacobs
from McDermott Will & Emery.
Ethics/Professional Responsibility
Association of Business Trial Lawyers
adopts new civility guidelines
E-discovery and an ombudsmen civility program
are addressed in the Los Angeles Chapter of the
Association of Business Trial Lawyers or ABTL's
newly adopted ethics, professionalism and civility
guidelines.
Criminal
Shine a light on 'postcard' dispositions of
habeas petitions
Unless a state court provides some meaningful
discussion of a habeas claim, the petitioner is
unlikely ever to obtain that discussion, from any
court. By Alex Coolman
Labor/Employment
Workers need access to swift resolution of
cases
If the U.S. Supreme Court rules that courts can
review the EEOC's conciliation activities, it will
have strong negative repercussions for women
employed in blue collar, nontraditional
occupations. By Jennifer A. Reisch
Precluding review will produce more
litigation
In a case the U.S. Supreme Court will soon decide,
the justices should overturn the 7th Circuit's ruling
that courts are prohibited from reviewing the
sufficiency of the EEOC's pre-suit conciliation
activities. By Rae T. Vann
Ethics/Professional Responsibility
Wrestling with withdrawal and
confidentiality
What information may an attorney ethically
disclose to the court to explain her need to
withdraw from representation? That's a tough one.
By Diana DiGennaro
Ethical considerations for lawyers in age of
the cloud
Lawyers routinely use smartphones, tablets and
other devices to perform legal work, which
translates into speed and convenience. But that
speed and convenience comes at a price. By
Wendy Wen Yun Chang
Intellectual Property
When product design serves as trade dress
A surge in design patent/trade dress litigation has
strained the longstanding tension in the law
between unprotected functional elements of
product design and appropriately protected trade
dress. By Todd M. Lander
Ethics/Professional Responsibility
Arbitration's lesser-known dark side
Articles often extol the virtues of arbitration - such
as to help avoid runaway jury awards or excessive
attorney fees - but they never address arbitration's
dark side. By Walter A. Taylor
Alternative Dispute Resolution
2 of 3
3/20/15 3:59 PM
Daily Journal - California's Largest Legal News Provider
joshua_sebold@dailyjournal.com
Previous
Next
http://www.dailyjournal.com/subscriber/submain.cfm?Multipl...
Charles Byron Renfrew
At age 86, Charles B. Renfrew continues to be a
respected, go-to alternative dispute resolution pro
who handles major national and international
cases.
Judicial Profile
Peter J. Busch
Superior Court Judge San Francisco County
Banking
Cybercrime keeps banking fraud attorneys
busy
The increasing rate of cybercrime aimed at banks
and sloppy implementation of new finanical apps
is creating a lot of business for attorneys who
advise financial institutions on their online fraud
prevention programs.
HOME : MOBILE SITE : CLASSIFIEDS : EXPERTS/SERVICES : MCLE : DIRECTORIES : SEARCH : PRIVACY : LOGOUT
3 of 3
3/20/15 3:59 PM