[LINK] SMH: 'Citibank / NAB Fraud'
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Oct 20 09:02:38 AEDT 2011
[We agonise over risk-managed authentication for Internet Banking and
ePayments generally. And so we should.
[But six-figure transactions are still done using facsimile
signatures - and in this case, they were 'facsimiles' in both senses
of the word.
[Do FIs never use the confirm-with-client approach, or the
two-channel authorisation approach?]
Citibank left with $500,000 fraud bill after impostor scam
Leonie Lamont
The Sydney Morning Herald
October 20, 2011
http://www.smh.com.au/business/citibank-left-with-500000-fraud-bill-after-impostor-scam-20111019-1m83q.html
CITIBANK has been left $500,000 poorer and the National Australia
Bank has been spared the financial embarrassment of an international
fraud perpetrated on it by an impostor, according to an intriguing
judgment in the NSW Supreme Court.
The incident happened in November 2010, when Citibank's Sydney branch
received a fax purporting to be from client William Co-Buchong,
instructing the transfer of $US500,000 from his multi-currency at
call account, to an NAB account jointly held in his name.
Using the SWIFT international clearing house system of international
funds transfers, Citibank transferred the money to the NAB account. A
few days later, NAB's World Square branch received faxes of three
international telegraphic transfer application forms, each ostensibly
signed by Mr Co-Buchong.
The first form, dated in October, requested a transfer of $15,000 to
an HSBC Hong Kong account for a Ma Susana Velarde Palon, who had a
Philippines address.
The second and third forms, dated November, both requested $225,0000
transfers to HSBC Hong Kong accounts held by Rosy Teresa Mendoza and
Molina Rommel Tuazon, also from the Philippines.
The NAB assistant branch manager checked the signature on the forms
against Mr Co-Buchong's signature on its verification system, and as
there were sufficient funds, transferred the sums.
However, the faxed instructions to both banks were false. Justice
David Hammerschlag said Mr Co-Buchong, and the joint signatory on his
NAB account, had sued the banks, and had since settled and had their
money returned.
All that remained was the cross-claims between the banks as to who
should bear the loss.
''This involves the question whether Citibank is entitled to be paid
back the money it paid over to NAB,'' Justice Hammerschlag said.
After canvassing contradictory legal case history, he concluded:
''Both parties were duped. However, Citibank paid out first without
the customer's authority, as a result of which NAB credited the
customer's account, rendering it vulnerable to the fraud to which it
succumbed.
''In these circumstances and where neither party criticises the other
for falling for the fraud, it would lead to an inequitable result
were Citibank to be made whole at the expense of NAB.''
Judy Hitchen, a spokeswoman for Citibank, said the customers were
''the unfortunate victims of a sophisticated identity theft''.
''The court noted that there was no allegation of negligent conduct
or failure by the banks to meet relevant banking standards. In fact,
through verification and control systems in place at the time, we
were able to constrain the losses by detecting and preventing a
subsequent attack on the customers' account,'' she said.
''Banks are acutely aware of the growing sophistication of fraudsters
and their ability to obtain detailed personal information of
individuals. Citibank is constantly reviewing and enhancing its
controls to reduce the incidence of fraud and reminds consumers to be
ever vigilant in the protection and security of their personal
information.''
The case is being investigated by Australian and overseas police.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University