New provisions to the Banking Code means banks can now pass responsibility for card fraud to consumers if they do not have antivirus software or firewalls. This raises interesting questions as to whether banks should be able to transfer liability so easily, and whether it will be possible to police this.
In my view, a balance of responsibility is needed between banks and consumers. Banks need to take a key role in educating consumers about the new guidelines to ensure they are fully aware of what they are now liable for, but consumers need to take some responsibility too.
Users need to be proactive in learning about the guidelines and securing their personal computers to ensure all their dealings on the internet are protected. Government and technology organisations have a role too. They should work with banks to find the best way to implement and publicise the new provisions without degrading the user experience.
As to whether the new guidelines are policeable, in practical terms it is fairly complicated. The technology required to check every banking user's antivirus settings is available, but it would be expensive, invasive and a piecemeal response to the problem of fraud.
Fraud does not just come from unprotected computers. Insider fraud, bin-raiding, and card skimming are equally as prevalent. How would the banks correctly attribute the instance of fraud to the correct cause? We would like to see a more holistic, collaborative approach to reducing fraud and more of a shared strategy between the individual consumer and the bank to ensure financial transactions are kept secure, covering how to dispose of paper, not letting your card out of your sight, use of card-reading devices at home and antivirus software and firewalls.
That is not to say the new provisions are not positive - they are. They have already raised the debate, and users are now more aware of new methods of fraud and their new responsibilities. The Banking Code has just been bought up to date with advances in technology and the new ways in which users can interact with their banks. Consumers have always been liable for fraud if a pin number and card are kept together this is just a modern-day security equivalent for online banking users.