Who is liable, bank or customer?
The question often arises who is liable for the financial damage caused by a phishing attack: the bank or the customer? On the whole, victims of a phishing attack can hope that the bank will pay for the damage they have suffered. The bank customer may demand that the bank reverse debits and transfers that have no legal basis.
In that case the bank can only charge its expenses for the booking. The bank can only escape its basic liability to reimburse the misappropriated amount if it can show that the customer has violated his or her duty of care. Whether that is the case, however, is a discretionary decision of the judges.
For example, the District Court of Wiesloch has ruled that a bank is liable for the damage a phishing attack causes to an online banking customer if the customer's computer meets an average standard of care. Only "some kind of protection of the computer" could be expected of a customer.
Unless special security measures were contractually agreed, an antivirus program is sufficient. The court also pointed out that, in principle, the bank has to bear the risk of a forged transfer order. The Landgericht Landshut recently ruled along the same lines.
Our partner for testing security software, the Innsbruck laboratory AV-Comparatives, carried out the test of the anti-phishing functions with Internet Explorer 7 on Windows XP 32-bit, in order to exclude the protection mechanisms of modern operating systems and browsers. The lab adapted and virtualized its framework for the Real World Test.
The hardware used was a workstation with two Intel Xeon E5620 processors at 2.4 GHz and 96 GB of RAM, running a total of 80 instances. In theory, 20,000 URLs could be tested per day. Most of the time, however, was spent crawling for phishing URLs and on evaluation, because the testers checked every non-detection by hand.
The testers pointed out that every website was accessed by every product at the same time, to ensure the same update status of the programs and the availability of the page. In August 2011, 687 different phishing sites were accessed to obtain a statistically valid value.
The links come from sixty honeypots distributed all over the world and were extracted from spam and scam emails over several weeks. The testers made sure that the pages contained input forms and were still functional and online.
Duplicates were sorted out, both at the IP level and identical pages on different hosts. After the test, the lab manually checked each phishing site and sent it to the manufacturers so that it could be blocked for their users.
Webroot Internet Security Complete 7 had the highest detection rate at 98.6 percent, but also blocked 12 legitimate banks, including a Dutch and a Swedish one.
For the false alarm test, about 1,000 bank websites from all over the world were accessed. Most manufacturers had no false alarms here; K7's suite blocked a bank from Malaysia, and Webroot blocked twelve from all over the world (see above).
A high detection rate is important for the tested security suites, but it must not come at the cost of blocking clean web pages. The reasons for false alarms are either overly aggressive filter settings or blacklists that are maintained too slowly.
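The two steps of the methodology described above, deduplicating the phishing feed (by resolved IP and by identical page content on different hosts) and then scoring each product on detection rate and false alarms, can be reproduced in a few lines. The following is an added example written for this article; it is not AV-Comparatives' test framework. All hosts, IP addresses, page bodies and verdicts are constructed for the example.

```python
import hashlib

# Constructed sample feed: (url, resolved_ip, page_body). All values are invented.
RAW_FEED = [
    ("http://198.51.100.10/login/", "198.51.100.10", "<form>bank-login</form>"),
    ("http://phish-a.example/login/", "198.51.100.10", "<form>bank-login</form>"),  # same IP as first entry
    ("http://phish-b.example/secure/", "203.0.113.7", "<form>bank-login</form>"),   # same page, other host
    ("http://phish-c.example/verify/", "203.0.113.8", "<form>card-verify</form>"),
    ("http://phish-d.example/update/", "192.0.2.44", "<form>update-account</form>"),
]

# Constructed legitimate bank sites for the false alarm test.
LEGIT_URLS = ["https://bank-my.example/", "https://bank-nl.example/", "https://bank-se.example/"]

# Constructed verdicts of one hypothetical product: True means the URL was blocked.
SAMPLE_VERDICTS = {
    "http://198.51.100.10/login/": True,
    "http://phish-c.example/verify/": True,
    "http://phish-d.example/update/": False,
    "https://bank-my.example/": True,  # a false alarm on a legitimate bank
}


def page_fingerprint(body: str) -> str:
    """Hash the page body so identical phishing kits on different hosts collapse to one sample."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def dedupe_feed(feed):
    """Keep one sample per resolved IP and per identical page body; return the surviving URLs."""
    seen_ips, seen_pages, unique = set(), set(), []
    for url, ip, body in feed:
        fp = page_fingerprint(body)
        if ip in seen_ips or fp in seen_pages:
            continue
        seen_ips.add(ip)
        seen_pages.add(fp)
        unique.append(url)
    return unique


def score_product(verdicts, phishing_urls, legit_urls):
    """Return (detection rate in percent, number of false alarms) for one product."""
    detected = sum(1 for u in phishing_urls if verdicts.get(u, False))
    false_alarms = sum(1 for u in legit_urls if verdicts.get(u, False))
    return round(100.0 * detected / len(phishing_urls), 1), false_alarms


def review_queue(verdicts, phishing_urls):
    """List the non-detections that the testers would verify by hand."""
    return [u for u in phishing_urls if not verdicts.get(u, False)]


if __name__ == "__main__":
    samples = dedupe_feed(RAW_FEED)
    print("unique samples:", samples)
    print("score (rate %, false alarms):", score_product(SAMPLE_VERDICTS, samples, LEGIT_URLS))
    print("to verify by hand:", review_queue(SAMPLE_VERDICTS, samples))
```

The same-IP and same-page checks are deliberately independent, so a kit copied to a second host is dropped even when its IP is new, and a second vhost on the same IP is dropped even when its page differs. In a real run the verdicts would come from the 80 instances visiting each URL simultaneously, as the article describes.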
It is particularly unsettling for the inexperienced e-banking user when the homepage of his own bank is blocked as a threat during online banking. Especially in the current banking crisis, he will wonder whether the bank has gone bankrupt. In addition, a few false alarms can quickly make users numb to real warnings.
Phishing sites have a very short life and often nest on regular websites. In that case the entire site should not be blocked; the filtering should be restricted to the directory containing the fake page.
If a third-party site is abused for hosting, one can assume negligence on the part of the website owner or provider: fraudsters can only inject their content when there are security gaps on the site.
However, once the malicious code has been deleted from the site, the anti-virus vendors should unblock it as soon as possible. Whole server farms are often used for hosting, where the security software then frequently blocks the entire IP range.
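The granularity argument above (block only the directory holding the fake page, not the whole host or its IP range, and lift the block once the page is gone) is easy to get wrong in a blacklist implementation. The following is an added example, not code from the article or from any of the tested products, showing a blacklist keyed on host plus directory prefix with an expiry so that stale entries drop out on their own. The host names and paths are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit


class PhishBlocklist:
    """Blacklist scoped to (host, directory) rather than to a whole host or IP range."""

    def __init__(self):
        self._entries = {}  # (host, directory prefix) -> expiry time

    @staticmethod
    def _host_and_path(url):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        return host, parts.path or "/"

    @classmethod
    def _directory(cls, url):
        """Reduce a URL to the directory that contains the page, e.g. /tmp/bank/login.php -> /tmp/bank/."""
        host, path = cls._host_and_path(url)
        if not path.endswith("/"):
            path = path.rsplit("/", 1)[0] + "/"
        return host, path

    def block(self, url, ttl_hours=24, now=None):
        """Block the directory containing url for ttl_hours; re-blocking extends the expiry."""
        now = now or datetime.now(timezone.utc)
        self._entries[self._directory(url)] = now + timedelta(hours=ttl_hours)

    def unblock(self, url):
        """Lift the block once the cleaned page has been verified (a vendor's manual re-check)."""
        self._entries.pop(self._directory(url), None)

    def is_blocked(self, url, now=None):
        """True only if url lies under a still-valid blocked directory on the same host."""
        now = now or datetime.now(timezone.utc)
        host, path = self._host_and_path(url)
        return any(
            h == host and path.startswith(prefix) and expiry > now
            for (h, prefix), expiry in self._entries.items()
        )


def demo():
    """Walk through the scenario from the text; returns a tuple of verdicts for checking."""
    t0 = datetime(2011, 8, 1, tzinfo=timezone.utc)   # constructed reference time
    bl = PhishBlocklist()
    # A phishing kit planted in a subdirectory of an otherwise legitimate shop (constructed names).
    bl.block("http://shop.example/images/tmp/bank/login.php", ttl_hours=24, now=t0)
    sibling_page = bl.is_blocked("http://shop.example/images/tmp/bank/verify.php", now=t0)
    shop_homepage = bl.is_blocked("http://shop.example/index.html", now=t0)
    other_host = bl.is_blocked("http://other.example/images/tmp/bank/login.php", now=t0)
    after_expiry = bl.is_blocked("http://shop.example/images/tmp/bank/login.php", now=t0 + timedelta(hours=25))
    bl.unblock("http://shop.example/images/tmp/bank/login.php")
    after_unblock = bl.is_blocked("http://shop.example/images/tmp/bank/login.php", now=t0)
    return sibling_page, shop_homepage, other_host, after_expiry, after_unblock


if __name__ == "__main__":
    print(demo())  # (True, False, False, False, False)
```

The shop's own pages stay reachable, other hosts on the same server farm are unaffected, and the entry disappears either when the vendor confirms the cleanup (unblock) or when the TTL lapses, which addresses the slow-maintenance cause of false alarms named in the text. A real product would re-verify the page before letting the TTL expire rather than trusting the timer alone.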