Now, don’t go getting all snippy about the title of this column. I’m not specifically referring to your own, personal stupidity, per se, but rather, the stupidity that seems to crop up all too often in the world of computers and the Internet.
The issue at hand is that of taking responsibility for one’s actions. Sometimes, stupid mistakes have serious consequences; sometimes, those consequences cost a lot of money. Stupidity happens. Just the other day I accidentally deleted a bunch of pictures from my digital camera. It was a stupid mistake, born out of ignorance. Did I sue Kodak, alleging they had made it too easy to delete pictures? No, I sucked it up, kicked my own behind and moved on down the road.
It’s a shame, but many people in our society have come to believe they should not be held accountable for their own stupid computer mistakes and that others should pay the expensive consequences that occur.
Case in point: Dallas-based Hi-Line Supply, Inc. versus Community Bank of Rockwall, Texas. Back in August of 2009, Internet bad guys managed to steal about $50,000 from Hi-Line’s online bank account, transferring the money to various accounts scattered around the country. Despite claims that the cyber-thieves “broke in” to Hi-Line’s account, there wasn’t much “breaking in” involved, because the crooks had Hi-Line’s usernames and passwords. They simply logged in and peacefully start transferring money.
“How could this happen?” you might ask. The answer is quite simple; it seems that Hi-Line’s computers were infected with a password-stealing virus that was grabbing bank account passwords and sending that information back to the bad guys. It wasn’t the banks’ computers that were infected, it was those owned by Hi-Line, the customer. It’s a scenario that is played out thousands of times every day. The weird part is many people want to blame their bank or credit card company for their own bad computer security. Instead of firing whoever was or should have been in charge of computer security at their company (who may ultimately be the company president/CEO), Hi-Line Supply wants their bank to pay for Hi-Line’s mistakes.
How this will all play out in court is anyone’s guess. Banks and credit card companies often contend that consumers bear the responsibility for safe computing practices, such as updated firewalls, antivirus programs and secure computer use policies, a contention with which I am inclined to agree. After all, if your car keys fall out of your pocket through a hole that you are too stupid or lazy to repair, you can’t really blame anyone else when a car thief uses those keys to steal your car.
On the other hand, some victims contend that financial institutions should be able to tell when someone other than themselves is using their passwords and moving their money around, and that they should be warned of such activity. How such schemes could be made to work is never fully explained, because, in truth, such schemes are pretty much impossible. The only scheme that really seems to sort of work is when your financial institution detects “unusual” account activity and calls you to see if it’s legitimate or not. Such schemes, though, are expensive, clunky and only marginally effective, as it’s hard to verify who’s really on the other end of the phone. It’s also hard to tell what constitutes “unusual” behavior because some people move large amounts of money all over the world all the time.
Other, more effective schemes, such a biometrics (fingerprint/retina scanners) are prohibitively expensive. Compounding the problem is that some consumers simply can’t be troubled by such bothersome security measures, writing them off as being too much of a hassle. Due to clever, high-priced cons run by the entertainment and media industries, they think computers are magic and online banking and commerce should be magic, too, so easy that even a cave dweller could do it.
One result of all this conflict is a loss of consumer confidence in online banking. Many consumers, seeing the risks involved, are dropping out of the online banking scene. Conversely, many consumers are still living in a computer/Internet fantasyland, thinking, “It can never happen to me,” using insecure computers and risking their entire financial well-being.
You may recall a column I wrote last January, titled, “Bankers say, ‘Beware online banking,’” available on my website. In it, I detailed how the American Bankers Association was recommending the use of a stand-alone, dedicated computer for engaging in online commerce, a computer that was not used for email, gaming, instant messaging or Internet surfing activities. Sadly, I have not met one single person who has taken what was said seriously enough to implement those recommendations. Will you be the first?