Banks should be made legally liable for e-crime losses the House of Lords Science and Technology Committee said today.
The Banking Code does not give individuals enough protection against online crime, the committee concluded in its second report on internet security .
Legislation would encourage banks to be more proactive about improving online banking security, it said.
The Lords also called for a change in the way e-crime is reported. The public should be able to report credit card fraud directly to the police instead of having to go through their bank. Banks may have a commercial incentive not to pass a report to the police, the committee said.
The committee re-iterated calls for data security breach notification law, requiring all organisations to inform the public about losses of personal data as soon as they are aware of them.
Individuals would then have an early warning to identity theft, and businesses would be given an increasing incentive to avoid data breaches.
The government responded "positively" to some parts of the report, such as kite-marking for websites and a code of conduct for internet service providers. But the committee said parts of the government's response were "disappointing".
Committee chairman Lord Sutherland of Houndwood said, "We are pleased that the government has taken on board more of the recommendations in our report than they did in their initial response.
"However we are disappointed that they still will not accept that there should be legislation to establish the principle that banks should be liable for refunding the victims of online fraud."
The report repeated demands made in the committee's first report in August 2007.
One committee member called the government's response to their first report "vacuous, idle and irrelevant." Every recommendation was "dismissed out of hand", the committee said.
The committee now says the government has "at last" started to take the risk of fraud seriously following the loss of sensitive data on two computer discs by HMRC.