New provisions to the Banking Code means banks can now pass
responsibility for card fraud to consumers if they do not have
antivirus software or firewalls. This raises interesting questions
as to whether banks should be able to transfer liability so easily,
and whether it will be possible to police this.
In my view, a balance of responsibility is needed between banks
and consumers. Banks need to take a key role in educating consumers
about the new guidelines to ensure they are fully aware of what
they are now liable for, but consumers need to take some
responsibility too.
Users need to be proactive in learning about the guidelines and
securing their personal computers to ensure all their dealings on
the internet are protected. Government and technology organisations
have a role too. They should work with banks to find the best way
to implement and publicise the new provisions without degrading the
user experience.
As to whether the new guidelines are policeable, in practical
terms it is fairly complicated. The technology required to check
every banking user's antivirus settings is available, but it would
be expensive, invasive and a piecemeal response to the problem of
fraud.
Fraud does not just come from unprotected computers. Insider
fraud, bin-raiding, and card skimming are equally as prevalent. How
would the banks correctly attribute the instance of fraud to the
correct cause? We would like to see a more holistic, collaborative
approach to reducing fraud and more of a shared strategy between
the individual consumer and the bank to ensure financial
transactions are kept secure, covering how to dispose of paper, not
letting your card out of your sight, use of card-reading devices at
home and antivirus software and firewalls.
That is not to say the new provisions are not positive - they
are. They have already raised the debate, and users are now more
aware of new methods of fraud and their new responsibilities. The
Banking Code has just been bought up to date with advances in
technology and the new ways in which users can interact with their
banks. Consumers have always been liable for fraud if a pin number
and card are kept together this is just a modern-day security
equivalent for online banking users.