Banks should be made legally liable for e-crime losses the House
of Lords Science and Technology Committee said today.
The Banking Code does not give individuals enough protection
against online crime, the committee concluded in its
second
report on internet security .
Legislation would encourage banks to be more proactive about
improving online banking security, it said.
The Lords also called for a change in the way e-crime is
reported. The public should be able to report credit card fraud
directly to the police instead of having to go through their bank.
Banks may have a commercial incentive not to pass a report to the
police, the committee said.
The committee re-iterated calls for
data security breach notification law, requiring all
organisations to inform the public about losses of personal data as
soon as they are aware of them.
Individuals would then have an early warning to identity theft,
and businesses would be given an increasing incentive to avoid data
breaches.
The government responded "positively" to some parts of the
report, such as kite-marking for websites and a code of conduct for
internet service providers. But the committee said parts of the
government's response were "disappointing".
Committee chairman Lord Sutherland of Houndwood said, "We are
pleased that the government has taken on board more of the
recommendations in our report than they did in their initial
response.
"However we are disappointed that they still will not accept
that there should be legislation to establish the principle that
banks should be liable for refunding the victims of online
fraud."
The report repeated demands made in the committee's
first report in August 2007.
One committee member called the government's response to their
first report "vacuous, idle and irrelevant." Every
recommendation was "dismissed out of hand", the committee said.
The committee now says the government has "at last" started to
take the risk of fraud seriously following the loss of sensitive
data on
two computer discs by HMRC.