Pinned Down by a Denied Fraud Claim
When a woman from Toronto reported her debit card stolen, she likely felt safe in the knowledge that any fraudulent charges that followed would be covered by the bank and would not be her responsibility. Unfortunately for her, that was not the case and she was told that the $8.879 racked up by the thieves would have to be repaid - with interest.
The reasoning the bank gave to Dana Roeger, a university student studying in Ottawa, was that the PIN she chose for her bank card was not sufficiently secure, implying it was either too easily guessed or intentionally shared, which would be a violation of the cardholder terms and conditions. In her case, her PIN was the last four digits of her phone number, but birthdates and simple patterns (e.g. 1111, 1234) are equally frowned upon.
Similarly, cyber risk insurance policies come with terms and conditions which spell out circumstances in which the policy holder could be deemed negligent in security, resulting in denied claims. For this reason, it's critical for individuals and organizations alike to understand their risks and take action in protecting themselves so they don't find themselves without the protections of insurance in their time of need.
Fortunately, the bar for demonstrating due care is still quite low, but it is getting higher with each passing year as the global prevalence of cyber-crime increases. Being a little paranoid should be the new normal and consumers and businesses need to consciously include privacy and security in their everyday actions.
Is your password so weak that it could cost you everything in the event of a breach?