A title insurance firm in Virginia is suing Capital One over
an eight-day data breach resulting in over $200,000 in losses due to lack of
In June 2010, cybercriminals infected computers of Global
Title Services with the Zeus Trojan, which in turn gave them direct access to
the companys network and online banking passwords. According to the suit,
Global Title is holding Capital One responding for allegedly failing to provide
commercially reasonable security procedures.
By operating a single factor identification online banking
system, Capital One lefts its customers open to identity theft and
failed to take sufficient safeguards to prevent unauthorized access to its
clients online banking accounts, including the ability to send wire
transfers, the company charged in its complaint.
If dynamic knowledge-based
authentication had been part of the login process, it would have been much
more difficult for this cybercrime to be accomplished.