US judge backs bank against customer who sued over hack

Seriously? Does Magistrate judge John Rich have part ownership or family in Ocean's bank management?  Under this farce of a ruling, Heartland, TJX and others should be off the hook for their breaches AND be entitled to get the millions of dollars paid in fines back.  Bank customers, like Patco Construction expect, safety and security for their money, not some legal fine print or worse, a lame intereptation from this judge that the Ocean's bank policy is to "try really hard" to protect its customer assets.  

This is different to the situation of Heartland, TJX, etc - in which card details were compromised beloning to people who had not signed up for any card services with those companies.

Patco Construction Company signed up for Ocean's banking services and accepted the online banking credentials.

If this gets enough press coverage Ocean might lose a lot of customers, presumably to banks that have implemented multi-factor authentication.

The popularity of Mint, OfferMatic, BillGuard and other services that directly access the customer's bank account on the basis of a simple username and password suggests that two factor authentication solutions haven't been implemented by many US banks so many years after it was mandated by FFIEC. Against this backdrop, it's interesting to note that, while the court ruling holds a bank liable for compliance with FFIEC's mandate, it considers Password + Security Question as adequate implementation of 2FA although most security industry professionals won't think so.