Are you or your bank liable for on-line fraud?

“Banks slip through virus loophole” was the headline for an article by Danny Bradbury in the Guardian last week. This began: “Is my money safe? A quiet rule change allows British banks to refuse to compensate the victims of online fraud if they do not have “up-to-date antivirus and spyware and a personal firewall”  

His article claimed that the new section 12.13 the Banking Code (which dictates how banks do business with customers) changes the balance of risk between customers and banks. 

“Since the 2005 edition of the code (which dictates how UK banks do business with customers), section 12.9 has advised customers to keep their PCs secure. “Use up-to-date antivirus and spyware software and a personal firewall,” … The contentious addition to the new version is section 12.13. “Unless you have acted fraudulently or without reasonable care (for example, by not following the advice in section 12.9), you will not be liable for losses caused by someone else which take place through your online banking service.”

Read the full text of his article for the arguments that follow.

The report of the House of Lords on Personal Internet Safety recommended “the Government introduce legislation, consistent with the principles enshrined in common law and, with regard to cheques, in the Bills of Exchange Act 1882, to establish the principle that banks should be held laible for losses incurred as a result of electronic fraud”

Many users would probably stop banking on-line if they feared losing more than trivial sums as a result of their own mistakes. Some of the ramifications are indicated by the recent refusal of a bank to reimburse a customer who lost £3,670 after a phishing scam (reported Which April 2008 and also referred to the Financial Ombudsman Service) and by the growing sophistication of on-line fraud and impersonation, including that using information obtained from data “leakages”. The sharp rise in “card not present fraud” involving transactions outside the UK that bypass the domestic chip and pin controls, also adds urgency to the need to reassure users about the risks they run, or rather do not run, when they transact on-line.

The subject also came up when ministers met with the House of Lords Select Committee  last month. The trancript of that hearing indicates new and more positive thinking on the part of government. Baroness Vadeera, the minister now responsible for this area in the Department for Business. commented on the possible need to make the Financial Ombudsman better able to “decipher” the reality beneath disputes over liability. Vernon Coaker, the minister responsible at the Home Office volunteered notes to the Select Committee on progress and on the activities of the new inter-ministerial group. He also said that they would support the creation of the Internet Crime and Disorder Reduction Partnership on which the Rt Hon Alun Michael MP, chair of the EURIM E-Crime Group, has been working.