Online banking security: the first case of online banking stolen depositors received full compensation

Complaints against online banking are common occurrences. In economically developed areas such as Beijing, Shanghai, Guangdong, and Jiangsu, the number of victims has been stolen from online banking accounts, resulting in the transfer of deposits and impersonation. The discussion about the theft of online banking has also evolved into a fight for the rights protection of online banking users.

Zhejiang: the first case of online banking stolen depositors received full compensation

On February 2, 2005, Hong Rongyao's mobile phone text message showed that his debit card was 102,500 yuan less and he reported the case to the police. After investigation, someone with a fake ID in the name of "Hong Rongyao" went to the Wenzhou branch of the Agricultural Bank of China to open an online banking service and obtained an online banking client certificate and password. Later, the person successfully transferred the more than 100,000 yuan of funds in the Hong Rongyao debit card to another person's account through online banking, and then received the money.

The first trial of the People's Court of Yongjia County, Zhejiang Province believed that the bank failed to seriously verify the authenticity of the information provided by the registrant of online banking, which caused the plaintiff's deposit to be taken by others. The court ruled accordingly: Agricultural Bank of China Yongjia County Sub-branch compensates depositors for deposits and pays interest, upholding the original judgment after retrial.

Beijing: Users sue the bank for being sentenced to "pay"

In September 2005, Industrial and Commercial Bank of China (5.59, 0.10, 1.82%) Beijing Haidian West Sub-branch depositor Mr. Yang ’s bank account was stolen through the online banking payment system for 60,000 yuan, so he took the bank to court. The bank argued in court that Mr. Yang ’s more than 60,000 yuan was remitted from his account through ICBC ’s online banking system. The transaction was issued after the Other party logged into the online banking system with Mr. Yang's account number and password, and they proceeded according to the instruction. In September 2006, the court finally failed to provide sufficient evidence to prove that the disappearance of its deposit was caused by ICBC's fault.

At the same time as the court heard the case, some ICBC clients with similar experiences spontaneously established the "ICBC Online Banking Victims Collective Rights Protection Alliance", expressing the need for collective rights protection litigation. The alliance has repeatedly submitted ICBC claims for compensation and sent open letters to bank supervisory departments and consumer associations. It is said that some members of the alliance have obtained ICBC's commitment to advance some of the losses. At present, this act of rights protection is still continuing, and the number of participants is increasing.

Shanghai: 160,000 yuan disappeared

On March 10, Mr. Mincai of Shanghai discovered that the two accounts of his CCB Shanghai branch totaled more than 160,000 yuan missing. After investigation, Mr. Cai's money was transferred to an account in Yunnan several times through online banking. Mr. Cai stated that he has not disclosed the password of online banking to others, and has never used a computer in a public place to log in to online banking. Moreover, in negotiations with the bank, Mr. Cai was informed that such incidents had occurred before, and said that online banking users should choose more effective security measures such as USBKEY or dynamic passwords. Mr. Cai wondered: Why has the bank never given him such a security warning before? CCB said that during that time there was no problem with the bank's online banking system, which may be caused by a virus or hacker attack on the client's computer.

At present, judicial affairs have been involved in this matter. CCB stated that it will cooperate with the public security department's investigation and will provide the bank information of the suspect and the IP address at the time of the crime as needed.

Looking at these cases, if a depositor fails to provide sufficient evidence to prove that his loss was caused by the bank ’s fault, his appeal is generally not supported by the court. The lawyer also believes that if the depositor accidentally leaks his bank card and password, or is seen by others, theft occurs; or the computer used by the saver is hacked and his bank card and password are stolen by the hacker, the bank does not assume responsibility. If the bank's network system does have flaws, it cannot safely protect the depositor's personal information, and the bank should be held liable in the event of theft. But depositors have difficulty in obtaining evidence in this regard, so lawyers suggested that the principle of inversion of the burden of proof should be used in litigation, and the proof of online banking should be proved by the bank.

Eight strokes to defend against online banking risks

The first measure: customers should check the website. When logging into online banking, customers should pay attention to verifying whether the registered website is consistent with the legal website in the agreement signed with the bank.

The second measure: customers should keep their passwords properly. Customers should never use their birth date, home phone number, and ID card number as their passwords. It is recommended to choose a representative combination of numbers and letters to set the password to increase the difficulty of password cracking.

The third measure: the customer should make good transaction records. Customers should make detailed records of each transfer and payment transaction that they handle in online banking, and regularly check their "historical transaction details" and regularly print their online transaction statement.

The fourth measure: customers should manage digital certificates. Customers should avoid using online banking transactions on public computers to prevent their digital certificates and other related confidential information from falling into the hands of criminals, thereby causing their online identity recognition system to be deliberately destroyed by criminals and making their online The account was stolen by others.

Fifth measure: Customers should be vigilant against abnormal dynamics. If the customer accidentally enters his bank card number and password into an unfamiliar website, and a prompt similar to "System Maintenance" appears, the customer should immediately call the bank's customer service hotline to confirm, once they find that their information has been For theft, you must immediately modify your relevant password and go to the bank to report the bank card loss.

Sixth trick: customers should install antivirus software. Bank customers should install firewalls and antivirus software for the computers they use, and often upgrade their computers.

Seventh trick: Customers should block software vulnerabilities. In order to better prevent criminals from using vulnerabilities in the software to enter their own computers to steal data, real-time monitoring of anti-virus software must be turned on when using online banking and online games, and personal firewall must be enabled. program.

Eighth trick: Every time you use the personal services of online banking, please select the "logout" option to log out, in order to prevent confidential information such as digital certificates from falling into the hands of others.