Several prominent UK internet banks have been criticised for leaving customers to clear their name, or pick up the bill, if they fall victim to online credit card and bank fraud.
Egg, Bank of Scotland and Halifax internet banking are accused by the report of placing the responsibility on the customer to prove that they have been the victim of fraud, rather than the common practice of automatically refunding the money once it exceeds a set limit, usually £50.
The report - Electronic Commerce: Who Carries The Risk of Fraud? - was commissioned by the campaign group Foundation for Information Policy Research, which said the liability rules, which are different to rules for off-line cards, were "decidedly unreasonable". All three named banks contested the report's findings.
On the high street, retailers carry the risk of fraud, as they must swallow unpaid bills run up by stolen credit cards, and then ask the banks to refund their losses. However, the named banks are believed to have introduced these stricter policies because of a concern that fraud is more likely online than offline.
Nicholas Bohm, co-author of the report, said this belief is misguided and would damage ecommerce and the public's confidence in it if the internet's advent "is used as an excuse to transfer to consumers the risks that should be carried by those who implement new electronic systems". Bohm is a member of the Law Society's working group on ecommerce.
However, the report said that banks such as Egg now place the burden on the customer. A study of the recently floated online bank's terms and conditions reveals the following clause: "Until you tell us, you will be responsible for any instruction in writing or by telephone or internet which we receive and act on, even if it was not given by you."
Egg said its word is final. "Our records of your internet instructions will be conclusive unless there is a clear mistake," the terms and conditions state.
However, an Egg spokesman said the bank will refund customers any losses incurred due to online fraud as long as they have not been grossly negligent with passwords or it can prove the customer engaged in, or knew about, the fraud.
A Halifax spokesman said the firm is still reading through the report but does not understand why the company has been singled out as its terms and conditions give customers zero liability as long as they haven't been negligent or engaged in fraud.
The Bank of Scotland said there were no differences in terms of whether a credit card purchase was made, be it over the internet or over the counter, and that the £50 liability applied to all transactions made with its credit card. Its internet service, the bank said, is restricted to allowing account holders to move funds from one account to another in their name only, so "fraud wasn't possible".
Not all internet banks have changed the rules on credit card fraud to suit themselves. Others, such as Marbles and First Direct, give their customers complete protection with a zero liability rating while the Woolwich keeps the same £50 limit in place for online transaction as exists for offline transactions.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches