By Dan Ilett, 6 June 2006 09:00
NEWS
Barclays Bank recently announced it is to give customers antivirus software in a bid to stop them being fleeced by fraud.
The move is part of a trend by high street banks to reassure customers that online transactions are safe to perform.
Barclays is, however, quick to point out customers are not required to use the software - and that recommending which type of antivirus software their customers should use does not make the bank liable for any losses due to online fraud.
A Barclays spokeswoman told silicon.com: "All we are saying is: here's an offer and if you want it you can have it for free. It's a good idea to use it but we're not forcing anyone. It doesn't alter any liability."
Barclays is not the only bank providing new tools to customers in a bid to improve security for their online services. Lloyds TSB is trialling the use of two-factor authentication tokens and offering customers discounted antivirus software, as is NatWest. Alliance & Leicester is also providing two-factor authentication tokens to customers as an extra security layer at login.
But some analysts are unconvinced the measures banks are taking are enough to ensure customers' money and identities are secure.
Chris Skinner, associate director of analyst Tower Group, said: "If anything the banks should be more vigilant in terms of putting anti-spyware software in these packages."
He added: "Banks are quite rightly informing their customers which [tools] they need to use with internet banking. But all the security measures, such as key fobs and chip and PIN, are completely useless because they will never stop [fraud] altogether."
An online transaction costs a bank a fraction of what it costs to do a transaction in a branch, so many banks are keen to promote the internet. And with growing concern over the level of identity fraud, that equates to reassuring the public and giving them the tools to protect themselves.
It is likely banks have also realised there is a good business case for providing better security - it's cheaper to secure customer funds than let them be plundered and have to provide compensation afterwards.
A spokesman for Apacs, the banking industry body, told silicon.com: "If you are a victim of phishing, for example, in this country you are refunded, so it could be as much in [the banks'] interests to make sure their customers are protected. It depends on how much fraud [banks] are seeing."
According to figures from Apacs, online banking fraud is a growing problem. Losses from this type of fraud doubled in 2005, hitting £23.2m, due to the rise in email phishing scams. And last year internet, phone and mail-order transactions - and card-not-present fraud - rose by 21 per cent to £183.2m.
Comments
There are 5 comments. Join the discussion
1. Richard Pettigrew
Waste of time!
Its user gullability that results in fraud and not actual viruses.
The majority of On-line banking users are not that pc savvy and will fall for some of the smarter scams and phishing techniques as the result of the solcial engineering devices and facsimilies of the bona-fide website that are used to dupe users.
National Campaign required to educate!
>>> High-street banks should club together and pay for a series of UK-wide adverts to help educate. <<<
2. Matthew Peddlesden
Education is not the entire solution it absolutely should be *part* of the solution but you the vast majority of people just aren't clever enough to spot this - a recent bit of research showed that something like 90% of people participating in a test couldn't spot fake sites from real sites, and those folks were LOOKING for the fakes.
The banks need to be offering an out of band authentication solution - even these tokens / key fobs don't actually protect you as much as you might think.
A multi-pronged approach is needed, educate users and protect them at the same time.
3. Graham Coles
Two factor authentication seems useless for online banking, so it seems like nothing more than a placebo.
How about a radical idea, teaching PC security and educating people about e-mail scams and phishing in schools as a mandatory part of the curriculum?
Surely this would be more useful than the current crop of stupid ideas such as playstation lessons 'to improve hand-eye co-ordination' and other similar garbage like 'how to text' in english lessons (I always thought they were supposed to teach you the RIGHT way to spell).
No; that's clearly too radical for the education system.
4. anonymous
What is actually needed is user Purchase authorisation..
WHENEVER a customer uses their card, they should then be given the opportunity to authorise the transaction when they get on line, NOT at the same time the transaction is made.
In the same way as business authorise Purchase orders and capexes, the customer should be allowed to do the same.
If the transaction isnt authorised after a specified time period, it is automatically authorised (in case the user forgets).
OK, the retailer has to wait a bit for his money, due to the authorisation process, but this is better than no money at all due to fraud. AND it stops fraudulent use by retailers.
I put this to my bank, and they simply were not interested in having customers authorise their purchases.. Too costly..
5. Peter Dorrington, Head of Industry Marketing Strategy, SAS UK
I think that this move by Barclays is to be applauded, as should any initiative that addresses the challenge of online fraud (unlike the comment by Chris Skinner, who seems to advocate doing nothing because the battle can’t be won with a single shot). I agree that antivirus software is only a partial answer, as are most of the technical solutions for dealing with fraud. History shows us that reliance on security alone to protect us is always going to fail – anything that can be devised by man can be defeated by man – it’s just a question of how difficult is it and whether the cost is outweighed by the reward.
In the end, the best defence against fraud of any kind is a combination of education and vigilance – on part of both the banks and customers. We need to know what we are looking for (education) and then actively look (vigilance). For the banks, this probably means taking advantage of the latest software to identify unusual or anomalous behaviour as soon as possible; for customers it’s a question of knowing the risks, being suspicious and acting on those suspicions.