Published on:

The Internet of Things (“IoT”) is the next evolution and is making a remarkable impact on technology and our way of life. In fact, the availability of omnipresent network connectivity has fostered the widespread use of smart devices.

Devices are now able to communicate with each other through embedded sensors that are linked by wired and wireless networks. For example, they include thermostats, automobiles, or pills that permit a physician to monitor the patient’s health.

Technology has allowed us to detect and monitor changes in the physical status of connected devices (e.g., RFID, sensors) in real time. Technology advancements allow networks and the objects they connect to become more intelligent. The factors that are currently driving growth include the development of smart cities, smart cars, and smart homes, enhanced connectivity infrastructures, and a connected culture.

What Are the Legal Concerns?

First, privacy is a concern. Unlike the Internet (i.e., the World Wide Web), where the majority of information on an individual is either public or user-posted information, the IoT is governed by information that is stored by devices without human intervention. Privacy may be compromised through sensor technologies, wearable technologies, Unmanned Aerial Systems (“UAS”), or Unmanned Aerial Vehicles (“UAV”).

Wearable technology is able to generate constant, convenient, seamless, portable, and hands-free access to electronics and computers. It can be used in the military, law enforcement, entertainment, and healthcare industries. However, with every benefit comes a risk. In this case, the risk is violation of privacy rights.

Drones (i.e., flying robots) are being used by military and non-military persons. These flying robots include UAS and UAV, which are remotely-piloted autonomous systems. These machines are useful for clandestine or covert operations. However, adapting to these new devices has not been easy for society. The major concerns include, but are not limited to, regulation, insurance, and privacy.

Second, security is another concern. Devices are now able to interact with other devices for business and personal reasons. We can control information from a single device that is synchronized with other devices. Also, devices can synchronize data with other devices, which permits collaboration, sharing, and backing up of information. So, in order to adapt to this evolution, the legal system must concentrate on the interaction of information technology with other industries. In addition, the legal system must implement a uniform view to accommodate information technology.

Remote access allows criminals to obtain access to a network that contains confidential information (i.e., trade secrets). In other words, cybercrime is a growing problem. Other issues with remote access include data privacy, protection of proprietary rights, and liability for unauthorized use of systems.

What Are Governments Doing About It?

In recent times, the Federal Trade Commission (“FTC”) has held public meetings on this topic. For example, it has held a public workshop to explore consumer privacy and security issues posed by the growing connectivity of devices. These workshops focus on privacy and security issues related to connectivity for consumers—both at home (e.g., smart home appliances), and when consumers are mobile (e.g., fitness devices, personal devices, and automobiles). The European Union has also addressed IoT and its risks, such as privacy, security and trust.

At our law firm, we assist clients in matters related to internet, privacy, and security. You may contact us in order to set up a free consultation.

Published on:

Electronic discovery (a/k/a “eDiscovery”) is the process of identifying, locating, preserving, collecting, preparing, reviewing, and producing electronically stored information in the context of the legal process. Electronically stored information (“ESI”) includes anything that can be stored in electronic form on a computer or other media device. A computer is defined as “an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions” (e.g., desktop, laptop, smart phones, tablets, CDs, DVDs, flash drives, backup tapes, voice mail, servers, and access control systems).

What Are the Issues That Arise During Electronic Discovery?

The following issues may arise during the course of electronic discovery:  First, the attorney-client privilege and work-product doctrine play a key role.  The attorney-client privilege protects the confidentiality of communications between an attorney and his/her client.  The work-product doctrine prevents a party from discovering documents that are prepared in anticipation of litigation.

Second, there should be an effective record management program.  A business record is a vital asset and yields value. Therefore, a business should implement a mechanism in order to properly preserve and discard documents, when and if necessary. The business should also implement a proper data retention policy and classification scheme.

Third, a business must be ready for litigation because it faces potential lawsuits and government investigations pursuant to regulatory and compliance demands at all times.

Fourth is the process of legal hold and evidence preservation. A legal hold preserves relevant information when litigation is reasonably anticipated. This process can have a significant impact on cost, resource allocation, and business disruption. The failure to preserve records (i.e., paper or electronic) and to search in the right places for those records can result in the spoliation of evidence. In general, the courts have the authority to impose sanctions if there is spoliation of evidence, especially if someone acts negligently or in bad faith.

Fifth, there are meet and confer obligations between the parties.  In fact, FRCP 26(f) mandates the early meet and confer conference between the parties and is designed to promote a discussion regarding discovery parameters.

Sixth is the issue of strategic litigation challenges in handling data. It includes identification, collection, preparation/processing, review and production. The main issue for data collection is keeping a proper audit trail. The main concern in preparation/processing is to create maximum visibility for the collected data. The main issue for data review is to make sure that quick methods are used to scrap and scan key documents. The main goal in data production is to finalize the task quickly and accurately.

What is the Future of eDiscovery?

In conclusion, the future of eDiscovery is important. It includes information governance and supporting information as a valued asset. One of the cutting-edge developments is computer learning, not only for document reviews, but also for managing business records. The law is not uniform across jurisdictions, but it is evolving with time. Also, there is the issue of government surveillance of electronic information (e.g., PRISM). As we know, the government is scanning internet traffic and targeting encrypted files. Although it takes time to decrypt data, massive amounts of electronic data are being captured for various reasons.

At our law firm, we assist clients in matters related to electronic discovery and data collection. You may contact us in order to set up a free consultation.

Published on:

These days, many people spend time on their electronic devices to become members of internet dating services. Many companies are now providing online dating services to their members. In general, the online dating services require their members to submit a profile, which may include personal information (e.g., name, email address, date-of-birth, and photos). As a result, the internet dating service may be sued by its members or third parties for various legal claims.

What Are the Typical Legal Claims Against Internet Dating Services?

In recent years, the internet dating services have been targets of lawsuits.  In some cases, the internet dating service may facilitate sexual encounters between its members, which can lead to its member being arrested for having sex with a minor.  In other cases, the members defame, harass, stalk, or bully each other.  In these cases, the courts have enforced or dismissed the civil claims against the internet dating service for various reasons.  The typical claims against the internet dating service may be for breach of contract, negligence, deceptive trade practice, Lanham Act violation, failure to warn, invasion of privacy, defamation, or fraud.  It is important to note that each of the aforesaid claims requires specific elements and supporting evidence to pass muster in court.  See The Perils and Pitfalls of Online Dating for more information.

In breach of contract cases, an agreement is formed when the member checks a box indicating that he/she is over 18 and has read and agreed to the website’s terms and conditions and privacy policy. These terms and conditions usually mention that the service cannot guarantee and assume responsibility for verifying the accuracy of the information provided by users. So, the online dating service does not promise to prevent minors from registering or to monitor members’ profiles for accuracy. In order to hold the online dating service liable for breach of contract, the plaintiff must allege that it has breached a promise that was actually part of the contract. In another case, an unknown person posted a personal profile of an actress without her knowledge, consent, or permission. The actress filed a lawsuit against the online dating service for invasion of privacy, misappropriation of the right of publicity, defamation, and negligence. The court ruled in favor of the online dating service after determining that it had not failed to enforce its own policies prohibiting publication of street addresses, e-mail addresses, and offensive/sexually-suggestive language.

In failure to warn cases, a valid claim requires a duty to warn, a breach of that duty, and injury proximately resulting from the breach. If the danger is open and obvious, there is no duty to warn, and the risk is obvious when the danger is known by the consumer. Also, it may be sufficient to mention on the website that the online dating service cannot verify its members’ information.

What Are the Other Potential Issues?

In other cases, violations can rise to the level of cyberharassment, cyberstalking or cyberbullying.  In fact, cyberbullying has many manifestations, including, but not limited to, Instant Messenger, websites, e-mail, or text messages. Unfortunately, law enforcement agencies lack the technology or resources to focus on internet-based harassment, stalking or bullying. In some cases, advocates have argued that online dating services should run background checks on their members. However, even that precaution may invite liability towards them.

At our law firm, we assist clients in matters related to online dating services and legal liabilities. You may contact us in order to set up a free consultation.

Published on:

Online banking is an electronic payment system that enables customers of a financial institution to conduct financial transactions on the web. In today’s high-tech world, online banking fraud is committed on a daily basis. As such, sometimes customers may not be liable for certain unauthorized online transactions, subject to the terms and conditions of the bank’s service agreement. Online banking fraud is the act of defrauding a financial institution or obtaining money or other property under the custody of a financial institution by false pretenses. A related issue is financial identity theft. So, financial institutions use encryption technology (e.g., Secure Sockets Layer – a/k/a “SSL”) to prevent unauthorized access to data.

In general, the customer must notify the bank within 60 days after receiving a periodic statement pursuant to 15 U.S.C. § 1693f. Under 15 U.S.C. § 1693g(b), the burden of proof of consumer liability is on the bank. So, in order to establish a customer’s liability, the bank must prove the transfer was authorized. In case of a violation, the bank may be subject to civil liability under 15 U.S.C. § 1693m.

What Are the Common Methods Used to Defraud Customers?

First, the fraudster may engage in social engineering, which is a method that persuades online users to give up personal information by posing as a trustworthy individual or organization.  It can occur through emails and text messages.  Second, the fraudster may use malware, which is malicious software installed on a computer without a user’s consent. It records keystrokes, redirects browsers, or displays fake websites to impersonate the user in online banking transactions.  Third, the fraudster may engage in phishing, which happens by using emails and websites to falsely purport to be associated with legitimate banks, financial institutions, or companies.  It manipulates online users into disclosing personal and financial data.  Fourth, the fraudster may engage in vishing, which is the telephone equivalent of phishing. In this scenario, the fraudster calls the victim, pretends to be a bank official, and tricks the victim into disclosing personal or financial data.

What Are the Applicable Laws?

Regulation E establishes rights, liabilities, and responsibilities for consumer transactions. A consumer may be liable for up to $50 of an unauthorized electronic funds transfer, unless he/she fails to timely notify the financial institution of a loss or theft. If the unauthorized transfer is reported by the consumer, then the financial institution must resolve the claim within a specified deadline under 12 C.F.R. Part 205. The Electronic Fund Transfer Act (“EFTA”), which is implemented by the Federal Reserve Board through Regulation E, protects individual consumer rights from: (i) transfers through ATMs; (ii) POS terminals; (iii) ACH systems; (iv) telephone bill-payment plans in which periodic or recurring transfers are contemplated; and (v) remote banking programs.

The Uniform Commercial Code (“UCC”) applies to commercial transactions. It provides less protection for commercial customers. In essence, a commercial customer has 1 year to discover and report any unauthorized signatures or alterations. Under the comparative negligence theory, the bank’s liability for negligence is diminished according to the customer’s share of fault.

At our law firm, we assist clients in legal issues related to online banking fraud. You may contact us in order to set up a free consultation.

Published on:

Bitcoin is a decentralized, peer-to-peer digital currency (i.e., virtual or cryptocurrency) that is used like money. It is not a program that is traded like money. In simple terms, it is a ledger that keeps track of a user’s transactions. It can be exchanged for traditional currencies (e.g., U.S. Dollar) or used to purchase goods and services. It can be used to send money to other countries without worrying about exchange rates or currency conversion fees.   It operates without a central authority or bank and is not backed by any government. The Internal Revenue Service (“IRS”) has declared that it will treat virtual or digital currencies as “property” for federal tax purposes.

What Are the Main Issues?

The main issues include: (a) money laundering; (b) tax evasion; (c) banking without a charter; and (d) state escheat statutes. In general, cryptocurrency is uninsured, unregulated, and volatile. On May 7, 2014, the Securities and Exchange Commission (“SEC”) issued an advisory warning investors about potential risks. In February 2014, Mt. Gox (a Tokyo-based Bitcoin exchange) filed for bankruptcy after hackers allegedly stole approximately $500 million. In addition, Flexcoin shut down after being hacked.

On September 18, 2014, the Securities and Exchange Commission (“SEC”) charged Trendon Shavers for an alleged Bitcoin-related Ponzi scheme. Mr. Shavers advertised a Bitcoin “investment opportunity” in an online Bitcoin forum, promising investors up to 7% interest per week and that the invested funds would be used for Bitcoin activities. Instead, he allegedly used Bitcoins from new investors to pay existing investors and to pay his personal expenses.

Money laundering is the process of hiding the existence, use, or origin of illegally-derived funds to make them appear legitimate. Digital currencies are attractive for money laundering since they allow quick and unknown transfers. The Bank Secrecy Act requires financial institutions to register with the government, implement anti-money laundering procedures, keep data, and report transactions. The Money Laundering Control Act of 1986 criminalizes money laundering. So, do these laws impose a legal risk for the digital currency developers, providers, miners, users, or acceptors?

On February 19, 2014, the SEC suspended trading of Imogo Mobile Technologies due to questions about the accuracy and adequacy of publicly-disseminated information about its business, revenue, and assets. Shortly before the suspension, the company announced that it was developing a mobile Bitcoin platform, causing a significant movement in the trading price of its securities. See http://www.sec.gov/litigation/suspensions.shtml for more information.

What Are the Applicable Laws?

At this time, Canada does not have a specific law that regulates Bitcoins. The European Union has passed no specific legislation relative to the status of Bitcoin as a currency.  In October 2012, the European Central Bank issued a report on virtual currency schemes that discusses the Bitcoin system and briefly analyzes its legal status under existing European Union legislation. The United Kingdom has not released an official statement on the Bank of England’s website regarding its position towards Bitcoin.  As stated above, on March 25, 2014, the IRS stated that Bitcoin is a form of ‘property’ rather than a currency.

Economists believe that Bitcoin should be regulated, as it can help ordinary people use an alternate source of money in case of inflation, capital controls, or loss of savings. Bitcoin will probably stay complicated, but the system that creates Bitcoins is secure and stable. It may not have a future as a currency, but can be considered a commodity. For the time being, numerous companies (e.g., Overstock, Virgin Galactic, WordPress, PayPal, Zynga) accept Bitcoin as a form of payment.

At our law firm, we assist clients in legal issues related to internet, cyberspace, and digital currency-related issues. You may contact us in order to set up a free consultation.

Published on:

Pay-per-click (“PPC”) advertising is a profitable online service that search engines, such as Google, Yahoo, or Microsoft, provide their customers. Recently, PPC fraud has developed and caused loss of revenues for businesses and advertisers. PPC fraud occurs when someone or a program clicks on a company’s advertisement without intending to view the website or buy anything.

Many companies have filed lawsuits against search engines, claiming that they have breached the terms and conditions of their contracts. These companies have alleged that the search engines, acting as the intermediaries that published their online advertisements, improperly charged them for fraudulent clicks. These allegations raise two questions. First, how should a chargeable click be defined within the advertising contract? Second, does a search engine have any duty to protect advertisers from fraudulent clicks?

What is PPC Advertising?

PPC advertising is interactive advertising since the visitors click on displayed ads and get routed to the advertiser’s website. The advertisements are customized under specific keywords or search terms. For example, a law firm that specializes in internet or cyberspace law may use those terms in its PPC advertising. The advertisers pay the intermediaries (e.g., Google, Yahoo, Microsoft) which publish their advertisement for a previously-agreed-upon fee.

There seem to be two forms of click fraud wrongdoers: (a) competitors; and (b) affiliates. Competitors click on their competition’s online advertisements to increase charges for their competition. Affiliate click fraud is executed by a third party (i.e., affiliate) who hosts the advertisement in exchange for a portion of the click stream revenue. Thereafter, the affiliate executes fraudulent clicks in order to increase the fees and shares of revenue. This form of fraud is executed manually or by using software programs (e.g., robots).

What Can Search Engines Do Or Claim In Their Defense?

On the defensive side, search engines and intermediaries that face a lawsuit should claim, and ultimately prove, that their conduct did not violate their contract’s terms or conditions.  In addition, they should include a provision in their contracts that gives them the sole authority in determining the click count.  This way, they can enjoy a certain degree of flexibility without acting in bad faith. They should define “actual clicks” in the contract.  They should also review their own promotional or information material and strike a balance between reassuring advertisers and forming high expectations of click fraud protection.

At this time, it is difficult to implement a functional detection system in order to detect or prevent invalid clicks. Therefore, the removal of every invalid click from an advertiser’s invoice is equally difficult.  The solution may be to utilize software that can detect, document, and prevent click fraud.  There are a variety of technologies (e.g., weblog analysis software) that can help identify suspicious clicks.

At our law firm, we assist clients in legal issues related to internet, cyberspace, and pay-per-click fraud. You may contact us in order to set up a free consultation.

Published on:

In recent years, global positioning system (“GPS”) technology has increased in usage on various GPS-enabled devices (e.g., cars, smartcards, handheld computers, and cell phones). This technology brings value to its users; however, it has caused a significant decrease in privacy. Private and public organizations are able to collect and use the information for different purposes. For example, private organizations may collect data for marketing. Naturally, there are proponents who argue for governmental or non-governmental collection and use of information for different reasons (e.g., national security, emergencies). There are also opponents who argue that the collection and use of information leads to abuse (e.g., unauthorized access, invasion of privacy). Therefore, we need clear and uniform legal standards to control when anyone can collect and use information about an individual.

At this time, there is no law that restricts the government’s collection or use of GPS tracking information against individuals. However, some states have enacted legislation that restricts the commercial use of GPS. The Fourth Amendment limits the use of GPS technology, but its protection from unreasonable search and seizure is less effective due to recent technology advancements.

The main issue is privacy.  In today’s highly-technological world, most individuals carry their cell phones all the time. So, wireless network providers (a/k/a cell phone carriers) are able to track the individual’s movements. On a side note, GPS technology has been used to save lives in emergencies. The Federal Communications Commission (“FCC”) mandates wireless network providers to submit the cell phone location for emergency 911 calls (“E911”) that have been made from cell phones. The law on this issue is relatively clear. It permits cell phone carriers to provide information to third parties (e.g., FBI, NSA, or Police) for E911 emergency calls only. However, they need the cell phone owner’s consent in any other situation.

It is now easier to collect information due to users’ constant interaction with satellites or towers.  So, there is a remarkable potential for abuse. Instead of implementing clear regulations, the Department of Justice and EFF continue with their disputes.  This discrepancy has caused the courts to be divided on the issues. In fact, the courts have grappled with the lack of jurisdictional consensus on the legal standards. See https://www.aclu.org/how-government-tracking-your-movements for more information.

As mentioned above, technology allows access to an individual’s activities or location. The government is behind in implementing policies to protect an individual’s right to privacy.  So, in a society that is overwhelmed with technology, there is little legislative guidance on individual privacy laws.

In sum, the state and federal lawmakers should intervene because there have been, and probably will be, privacy violations. At this time, the courts seem to have discretion to allow or disallow access to information without requiring a high burden of probable cause. There is no doubt that GPS (and similar technologies) provide advantages to users; however, there are disadvantages that can cause unwarranted complications (e.g., invasion of privacy) for the same users.

At our law firm, we assist clients in legal issues related to internet, cyberspace, and privacy issues. You may contact us in order to set up a free consultation.

Published on:

In recent times, e-residencies (a/k/a “electronic residency”) have become a trend in some European societies. For example, the Republic of Estonia implemented this concept into its banking systems in order to permit people to manage their funds in an electronic environment. According to the Information System Authority, in 2001, the first nation-wide ID-card was introduced as the primary identity document for Estonian citizens both in the real and digital world. It is possible to attach a digital signature to the ID-card that constitutes a handwritten signature.

The Republic of Estonia is operating on the cutting-edge of technology. It has created an electronic state (“e-State”) where almost all transactions are completed by using technology. For example, Estonians developed Skype. The government permits its citizens to start a business online, pay taxes online, administer schools online, and pay their car park fees by mobile phone. It seems that their logistics transcend most societies. However, their achievements have not been without problems. In 2007, a cyberattack took place against its government’s websites and data communication networks.

What are the legal ramifications?

One legal issue comes up in the context of cyberwars. Before cyberwars, data assembly about an adversary that wasn’t espionage or treason was fair game and not an act of war. However, cyberattacks have blurred the line between espionage and information warfare. According to the Council on Foreign Relations, Russia has been accused of launching cyberattacks against Estonia and Georgia, China has been accused of launching them against the U.S. government and U.S. companies (e.g., Google), and the United States has been accused of launching them against Iran. So, the legal ramifications can cause political friction between nations. On a side note, such conduct can cause lawsuits between governmental and non-governmental agencies.

What are the pros or cons of running an e-State?

First, the advantage is efficiency. It can allow the public and private sectors to run their operations in a less arduous way. The disadvantage can be risk. For example, the United States government has been subject to cyberattacks. In November 2008, there was a significant breach of the Department of Defense’s networks at the Central Command, wherein the infiltration allowed an unnamed foreign intelligence agency to extract critical operational plans without detection.

iWars may emerge. This type of technological warfare will increase in probability as nations embrace the internet. iWar can exploit low-security infrastructure and be instigated by individuals, corporations, and communities. For example, the network infrastructure can be targeted by a Denial-of-Service (“DoS”) attack, which bombards a network system with a high volume of information requests in order to overwhelm it. This form of attack can cause significant disruption, wherein the network system becomes unable to respond to legitimate requests.

A Distributed Denial-of-Service (“DDoS”) attack occurs when many computers attack an individual system. When conducting a DDoS attack, the culprit uses thousands of infected computers (e.g., zombies, bots) to concurrently attack a single system. Or even worse, a Permanent Denial-of-Service (“PDoS”) attack may occur, which damages a system so badly that it requires hardware replacement or reinstallation. Unlike a DDoS attack, which is used to sabotage a service or website, a PDoS is usually a hardware sabotage.

At our law firm, we assist clients in legal issues related to internet, cyberspace and technology. You may contact us in order to set up a free consultation.

Published on:

In general, the interested parties in litigation engage in some sort of “alternative dispute resolution,” or ADR, in order to resolve disputes. In fact, ADR may be used to settle cases that are still pending in court. Both the judicial and legislative branches of government have established new programs in order to promote judicial economy. There are both general and specific applications of the alternative dispute resolution. For example, the United States District Court for the Central District of California offers three options. First, a settlement conference with the district judge or magistrate who is assigned to the case. Second, a mediation with a neutral selected from the Court Mediation Panel. Third, a private mediation.

The courts can use various sanctions to urge the interested parties to engage in ADR. For example, sanctions may include imposing court costs, awarding legal fees, contempt, denial of trial de novo (amounting to confirmation of an arbitrator’s award), and dismissal of the pending litigation. However, they can only use these methods in limited circumstances and pursuant to applicable guidelines.

The trial courts have been allowed to use sanctions to force participation in alternative dispute resolution (e.g., arbitration or mediation). The sanctions that were used included contempt, denial of trial de novo, striking of pleadings, and dismissal. Yet, sanctions for failure to attend mediation cannot be imposed without notice and hearing. For example, in Rizk v. Millard, 810 S.W. 2d 318 (Tex. App. Houston, 14th Dist., 1991) the Court of Appeals held that a trial court judge’s order striking the pleadings of a defendant, after a hearing in which it was determined that defendant violated a compromise agreement, when there was no pending motion to strike, no notice to defendant, and no hearing, violated due process. Although it is rare, in some cases the court may consider the argument that opposing counsel should be sanctioned for the failure to attend mediation or arbitration. The dismissal of a case is rare as the court has the option to impose additional costs and attorney’s fees on the recalcitrant party or his/her attorney for their failure to participate in such proceedings.

In the past, the following actions have resulted in the court’s consideration of imposing sanctions: (i) nonattendance by a party’s attorney; (ii) failure to attend an arbitration proceeding which was a prerequisite to the filing of a suit under state law; (iii) failure of parties to participate actively; (iv) active circumvention of dispute resolution proceedings; or (v) failure to present evidence.

In fact, California Code of Civil Procedure § 128.5 provides the trial courts authority to impose reasonable expenses (e.g., attorney’s fees) incurred by another party as a result of bad-faith actions. So, if the other side is acting in a frivolous manner, then it can face the possibility of incurring additional fees.

It is beneficial to agree to engage in alternative dispute resolution either before or during litigation. In some situations, the contract that the parties signed requires them to make a good-faith effort to resolve their disputes by way of mediation, and thereafter, by and through arbitration. However, the other side may not always be cooperative as they may make every effort to prolong the case. This type of conduct may force the claimant to file a complaint in state or federal court and compel arbitration.

At our law firm, we assist clients in resolving their disputes, whether through ADR or otherwise. You may contact us in order to set up a free consultation.

In recent years, much of consumer retail consumption has transitioned to the online marketplace. So, many of us engage in e-commerce, especially when shopping for the upcoming holiday season. While e-commerce is convenient and easy, consumers are becoming more aware of the risks posed by hackers who commit online fraud. Merchants who administer websites for online shopping must take measures to ensure that their sites are protected from online hackers and fraud. Online merchants may be held liable for online fraud if the proper steps are not taken to prevent it. Are you an online merchant? Are you worried about protecting the sensitive information of your customers? If so, then you must take certain steps to prevent fraud and unauthorized access (i.e., hacking).

How Does Online Fraud Occur?

Online fraud is fraud that is committed using the Internet. This type of fraud typically comes in two forms: (i) financial fraud; and (ii) identity theft. Financial fraud often occurs when a hacker collects a consumer’s financial information to steal money. Identity theft usually occurs when a hacker collects a consumer’s information, and then uses it to open bank, mortgage, or credit card accounts. Many times the two types of fraud happen concurrently. Hackers often target e-commerce websites because consumers are constantly offering their credit card and personal information through these websites. Online merchants must take precautions to prevent hacking that leads to this kind of fraud.

What Is An Online Merchant’s Liability If There Is Online Fraud?

An online merchant is a person or business who accepts payment, usually credit cards, in exchange for goods and/or services through an online website. An online merchant may be held liable for a customer’s loss due to online fraud occurring through the merchant’s website. Often a financial institution (e.g., bank issuing credit cards) will bring an action against a merchant for failure to protect customer data from unauthorized access that led to the fraudulent use of that information. If the institution and/or customer can show that the loss was directly caused by the merchant’s lack of protection, then the merchant will be held liable. Therefore, online merchants must take reasonable steps to protect customer data.

Merchants can and should take the following measures to protect against hackers committing online fraud. For example, choose a secure e-commerce platform with a sophisticated programming language that ensures a secure connection during checkout. Use a system that verifies customer credit card and address information, and do not store this data longer than necessary. Require that customers utilize strong passwords, and track all their orders by number. Set up alerts when suspicious activity occurs. Train your employees in security measures and layer those measures for additional security. Closely monitor your website with regular scans to detect vulnerabilities. Make sure your systems are always updated. Think about using the cloud to reduce the need for hardware and for protecting it, and invest in a fraud management service that reduces merchant liability when a customer suffers a data loss. Lastly, back up the data on your website, so that you do not lose important customer information.

These steps will greatly reduce the opportunity for a hacker to access sensitive customer information to commit fraud. If you are an online merchant and want to take steps to reduce your liability from online fraud, you may contact us to speak to an attorney.
