/v3-uk/news/1970570/new-banking-code-leave-customers-liable
17 Apr 2008, Ian Williams, V3
The new UK voluntary Banking Code could leave online banking customers liable for losses on their account if they fail to keep their PC secure with up-to-date antivirus and anti-spyware software and a personal firewall.
Security firm Finjan highlighted sections of the new Code which specify that online banking customers must be able to show they are not "acting without reasonable care".
"The new code, specifically sections 12.9 and 12.11, places the onus on customers to take reasonable care and make sure that their antivirus and anti-spyware software are up to date," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"If not, they might be held responsible for losses on their online banking account. This means that business customers should take steps to review their IT security arrangements and ensure that they have the solutions to protect their IT resources."
Ben-Itzhak explained that the new approach to dealing with online banking fraud potentially puts banks in a position to reject online fraud claims upfront.
Unless business customers adopt this approach to IT security, they might face an uphill battle in recovering funds if they go missing in the event of electronic fraud.
The new code has raised several concerns for customers and banks alike. Technology consultancy Detica warned yesterday that many UK banks are ill-equipped to comply with new codes on consumer debt management.
Do you agree?
Stop doing business with any bank that assumes this attitude
Banks that attempt to foist the problem on to the customer will lose in the long run. Banks are in the best position to mitigate the problem but few in the US (I don't know of any) are doing anything more than second-rate authentication. Most US banks are only using "things that you know" to prove authentication and are not using true multi-factor authentication because they don't want to bear the cost. Here is a much better solution: Banks must use true multi-factor authentication. Banks should distribute USB-based fobs to customers wanting online access. USB-based fobs should be programmed with scanning, etcetera that would kick off if a customer doesn't have current antivirus running. Fobs should be programmed with a system (using a phoned-to-customer id as a second factor) that customers use to enter second factor. Two problems solved, no more phishing (passwords are useless without second temp factor) and customers' systems get cleaned. I'd pay $200 to sign up with the first bank that offered such a system in the US. Time for banks to grow up and accept responsibility instead of foisting it on users who are ill equipped to solve the problem.
Posted by Orr, 23 Apr 2008
Why don't banks exploit the KEY and PIN system to deter all fraud crimes?
The massive increase in fraud crimes should make the government and banks realise that their data protection and Chip and PIN systems are diverting rather than deterring fraud crimes.
This shows that fraud will continue to grow until they exploit the KEY and PIN system, which will deter BOTH identity and card fraud by making signature and PIN systems reliable and foolproof.
Fake documents have made our signature system unreliable while skimmers and pin-hole cameras etc. have made the PIN system unreliable. We have the option to make signatures reliable by personalising them with ID stickers and the option to use a Card Key Code to make the PIN system reliable, making use of stolen and skimmed cards meaningless. By failing to exploit this system, banks are only letting fraud crimes grow.
The ID KEY system will eliminate the need for us to protect our personal and card details since fraudsters will be deterred from misusing these stolen details.
The proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals in any country.
We hope that the government and banks will appreciate these details and exploit the KEY and PIN system before it is too late to stop a fraud boom.
Posted by Roger, 17 Apr 2008
BBA responds
BBA here. Failure to follow this advice will not necessarily result in a customer being asked to foot the bill for losses. Each bank will have its own approach and will assess each case on its merits. And the burden of proof will always lie with the bank to prove the customer has behaved unreasonably or fraudulently. Banks and building societies are serious about protecting online banking users. Some offer assurances above and beyond what's in the Banking Code; some offer to provide antivirus software; all have invested heavily in online security. The new Banking Code does nothing to change this commitment.
Posted by Brian Mairs, 21 Apr 2008