Banks may be forced to refuse customers access to online
banking unless they can show they have adequate firewall and
anti-virus protection, HSBC has warned.
Alan Jebson, group chief operating officer at HSBC, said banks
could not continue to allow their customers to refuse to take
responsibility for the security of their PCs and access to online
banking indefinitely
"Most banks post helpful advice on internet security on their
sites. HSBC has gone to considerable efforts to issue guidance. But
we believe the industry may have to take a stronger line," he told
the E-Crime Congress last week.
Phishing attacks, which are designed to trick customers into
disclosing bank passwords, cost banks £12m last year, according to
figures from UK payments association Apacs.
As well as refusing access to customers without adequate firewalls,
Jebson suggested that ultimately the banking industry might decide
to refuse to indemnify customers who do not have adequate security
on their home PCs if they have lost money to cybercriminals.
Banks have begun looking at countermeasures including two-factor
authentication and biometrics, but this was expensive and would
make accessing services more difficult, said Jebson.
Regulators should encourage banks to introduce the technology, so
that those that introduce it first are not placed at a competitive
disadvantage, Jebson said.
Banks have also begun targeting the middlemen used by
cyber-criminals to launder stolen funds, Jebson said. Crime groups
were advertising for "money mules" to pass stolen funds through
bank accounts. He called on the government to strengthen the law to
make it easier to prosecute mules. Under the current law, it may be
difficult to prosecute if mules claim they were not aware they were
involved in crime.
MasterCard has begun scouring the internet for stolen credit card
details in an attempt to crack down on identity theft.
Tim Morris, regional head of security and risk management at
MasterCard, said the company was working with a specialist scanning
company to close unapproved sites containing credit card details.
The company has so far closed down 1,000 sites containing details
of 35,000 cards.