PC security warning for banking online

Banks may not always pick up the bill

By Tim Ferguson, 16 June 2008 11:26

NEWS

Victims of online banking fraud who repeatedly fail to take appropriate security measures could be left out of pocket, the industry has warned.

The online banking section of the latest Banking Code from the British Bankers Association suggests banks may not always be liable when online banking fraud takes place.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Section 12.13 of the Code says: "Unless you have acted fraudulently or without reasonable care (for example by not following the advice in section 12.9), you will not be liable for losses caused by someone else which take place through your online banking service."

Section 12.9 of the Banking Code offers advice about how to protect your online banking activities including keeping your PC secure - through up-to-date antivirus and spyware software along with a personal firewall.

A spokeswoman for UK payment association, Apacs, told silicon.com: "It's advice. Rather than putting any obligation on the customer, it's just offering advice to the customer. So it shouldn't be seen as putting a burden on them."

She added: "It's exactly what their [bank's] policy has always been. The banking practices and what they've been doing - it hasn't changed at all."

Apacs said, as with card fraud, banks still assess online banking fraud on a case by case basis. This means only people who consistently fail to take precautions could be seen by banks as liable for their losses.

The spokeswoman said: "The code doesn't place any obligation on the customer, it's there to set out what the obligations are on the banks."

Holly Marshal, business development manager of UK financial Services at Unisys said a "balance of responsibility" is needed between banks and consumers.

She said that banks, along with government and technology organisations, need to take a key role in educating consumers to make them fully aware of what they could be liable for.

But she added that customers should also be proactive in learning about the guidelines and securing their computers to protect themselves.

Comments

There are 4 comments. Join the discussion

  1. 1. Haydn Rees

    I worked in Eindhoven in the Netherlands, and was paid into the Rabobank, and still have some money in my current account.

    I have to use a Bank-issued piece of cryptographic hardward (my card goes into a slot in the side), just to log in.

    I must also authenticate any transaction using the device and card.

    I intend to keep money in my Dutch Bank, because it's safer.

  2. 2. Mark Hosey

    A "balance of responsibility" is needed between banks and consumers AND SERVICE PROVIDERS.
    Service providers must do more to provide some minimum level of security that is acceptable to internet businesses. And if the businesses want more then they should provide it themselves free to their customers. Expecting the customer to provide and pay for the required security is a bit like being expected to provide your window cleaner with a hard hat and safety harness when he comes to clean your windows.
    If they want our custom they should provide their customers with all the security features they (service providers and/or i/n businesses) require.

  3. 3. Richard

    The new online verification works only when I reduce my security settings:

    Normally, I use Firefox (1, 2, now 3) with the Noscript security extension.

    Amongst other protections, this blocks XSS attacks on my web-browser. (Where a hacker diverts your information from a valid web-site.)

    The banks' new online verification process seems actually to rely on XSS.

    Sometimes I can successfully enable it - temporarily - but often the verification process just fails.

    So, in order to access my bank accounts, I now have to use a less secure web-browser and lower security settings.

  4. 4. Jason

    I had the same issue with the online verification system.

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ