Alan Jebson, group chief operating officer at HSBC, said banks could not indefinitely continue to allow their customers to refuse to take responsibility for the security of their PCs and access to online banking.
"Most banks post helpful advice on internet security on their sites. HSBC has gone to considerable efforts to issue guidance. But we believe the industry may have to take a stronger line," he told the E-Crime Congress last week.
Phishing attacks, which are designed to trick customers into disclosing bank passwords, cost banks £12m last year, according to figures from UK payments association Apacs.
As well as refusing access to customers without adequate firewalls, Jebson suggested that ultimately the banking industry might decide to refuse to indemnify customers who do not have adequate security on their home PCs if they have lost money to cybercriminals.
Banks have begun looking at countermeasures including two-factor authentication and biometrics, but these were expensive and would make accessing services more difficult, said Jebson.
Regulators should encourage banks to introduce the technology, so that those that introduce it first are not placed at a competitive disadvantage, Jebson said.
Banks have also begun targeting the middlemen used by cyber-criminals to launder stolen funds, Jebson said. Crime groups were advertising for "money mules" to pass stolen funds through bank accounts. He called on the government to strengthen the law to make it easier to prosecute mules. Under the current law, it may be difficult to prosecute if mules claim they were not aware they were involved in crime.
MasterCard has begun scouring the internet for stolen credit card details in an attempt to crack down on identity theft.
Tim Morris, regional head of security and risk management at MasterCard, said the company was working with a specialist scanning company to close unapproved sites containing credit card details. The company has so far closed down 1,000 sites containing details of 35,000 cards.