The JS thing is a huge deal so someone might get their online banking credentials stolen and then account emptied. In which case, how helpful are the banks in helping to recover the money?
On the cryptocurrency side people need to secure their own money and ensure they don't open some shady ICO site. So stolen credentials means the money is gone forever.
Edit: FDIC insurance is applicable for the banks, i.e. if the banks get hacked. The question here is on individuals getting hacked. I am not able to find if FDIC covers that.
Basically your fraud protection involves your responsibility to notify the bank, and the bank's responsibility to refund the money if you notified them in time. Check your statement or balance at least once every 60 days and report fraud immediately, and you can't lose more than $500.
Fraud and theft are not covered by FDIC insurance. FDIC insurance protects your balance, up to a limit, if the bank fails or if there is a run on the bank.
But in the case of the bank being hacked, I could imagine it affecting enough accounts that the bank cannot cover it. Would that count as the bank failing (or perhaps a run on the bank?), and so then be covered by FDIC insurance?
Finally, suppose the hack is a case of financial terrorism. Say, a state sponsored group is trying to undermine confidence in the banking system and so wants to be as disruptive as possible. Instead of just getting in and stealing some money, they have been in for months and have been sabotaging things. They mucked with the backup procedure to make it so the backups are corrupt, and the bank unwisely did not do actual restore tests on samples to check things. Finally, the hackers set everyone's account balance to zero (or more fun, delete everyone's account).
So now my bank has no idea how much money I'm supposed to have (or even if I'm a customer). They fail and FDIC steps in. Do the banks have to periodically give the FDIC or other regulators lists of accounts and balances, so that FDIC would be able to at least figure out things up to the last month, say, or would the FDIC also have no idea who gets what?
When I was running an exchange, which is far from a bank but already has annoying scrutiny, we were required to have a feed of all the transactions to an off-site location. Then we had to store offline archives and off-site archives.
The location must be within the jurisdiction of the regulator so they can send the police to the datacenter, seize all the hardware and reconstitute the balances.
* transactions are printed physically (iirc SEPA mandates this) (account balances can be recovered, like bitcoin)
* accounts are insured up to some amount (will be covered by insurer provided bank cannot cover)
* bank will cancel/refund transactions that happen x hours prior to proper notification of account compromise (details vary)
* offsite backups
* verified offsite backups (not saying this happens everywhere but I'd expect banks to have some kind of routines)
A few words as a news-reading citizen:
* force majeure
* Fannie Mae and Freddie Mac
So important... I can’t tell you how many times I’ve come across a database backup process where either the cron had been failing for months, or that wasn’t backing up all the data, or was simply corrupted.
Not only verify your backups, but make sure you know your restore process too!
You’ve got to trust that our banking systems do this thoroughly though ... amirite?!1!!
Completely. These are banks we're talking about, not bitcoin exchanges.
Does the FDIC have security / computer / process requirements for the banks which they insure against hacks?