In this scenario, the personal computers of the customers were affected by a keystroke logger virus that captured keystrokes without the knowledge of the owner of the computer and collected information that was eventually used to fraudulently extract monies from the bank accounts held at VL Bank. This is a clear case of computer fraud and the following two laws and regulations can be used to charge the criminals of the offenses committed:
1. Computer Fraud and Abuse Act: The 18 U.S.C § 1030 essentially states that any unauthorized access to a computer accompanied by intentionally gathering information that the abuser is not entitled to, is punishable by relevant fines. The law clearly applies in this case as the customer did not explicitly give permission to access the information that the keystroke logger virus gathered.
2. Identity Theft and Assumption Deference Act: The 18 U.S.C § 1028 is also applicable in the current scenario. As per this law, if anyone knowingly transfers or uses without lawful authority, someone elses …show more content…
Create additional Verification on Account Creation: Essentially, in this case the hackers were able to obtain customer information from unsecure personal computers. But using that information, they were able to create fraudulent accounts and that is unacceptable as per the standard mentioned above. The bank needs to setup several approvals in place before account creation, including but not limited to actual physical phone calls to the account owner to establish identity verification.
2. Program mapping of new accounts with existing customers: The VL Bank application services need to have background processing with account creation to automatically link the new account with existing customer if a map is found. This will ensure there are no duplicate accounts for the same customer to prevent identity and monetary