Banks To Customers: You Have To Pay For Phishing

Good article in Australia’s BRW Magazine about phishing and banks. It makes some important points, not least that banks are still trying to talk down the problem while at the same time passing costs and risk onto the customer:

Banks are desperate to assure their customers that internet banking is safe. But their actions are not comforting. Three of the five biggest banks have increased or introduced fees for online banking. In May, Commonwealth Bank of Australia linked the introduction of fees for retail customers directly to the $100-million expense of upgrading the online system to improve security and add 20 new services.

The problem with the online banking debate is that the banks, the fraud experts and the security companies contradict each other about the extent of the phishing problem, and whether it is growing or waning. One thing is certain: bank customers need to be increasingly wary and savvy about how they conduct their banking online or they will find costs soaring and, at worst, lose their savings.

The new fees for online banking are just one of the costs that customers are expected to bear for the convenience of banking online. Banks are also educating customers to buy increasingly complex and expensive software to protect their home and business computers. These include anti-virus and anti-spyware software and firewalls, products that experts say many customers, including small-business owners, cannot install and manage without expert help. The banks now say the online banking system is not secure without this protection.

Furthermore, there are signs that the banks are hardening their attitude to reimbursing customers who are defrauded by phishing e-mails. So far, the banks collectively have maintained a generous policy on reimbursing defrauded customers. According to the Australian Bankers Association, those reimbursements are estimated to have cost the banks $25 million.

Overseas, banks seem to have run out of patience. An AOL survey of 2052 internet users released in May this year found that 53% of customers who were defrauded in phishing scams in Britain say they were not compensated by their banks.

Good hard stuff. One stark quote comes from AlienCamel’s Sydney Low, who I know is very critical of how the banks are approaching the problem:

He says online banking is so insecure as to fail the “fit for purpose” test under section 71 of the Trade Practices Act 1974. He says: “Under consumer law, a product or service that is sold must be fit for the purpose it is sold for. Experts are saying that the current state of security is unsafe. The home PC is not designed as a secure terminal; an ATM is very secure. Now the banks are relying on mums and dads to create a secure device.”

It certainly seems extraordinary to me that banks have been so quick to shift customers online, where the savings are huge, and are now reversing engines and charging them. If the banks saved money in persuading users to do online transactions, why should some of those savings not be used to pay for better protection, and, where necessary, to fund compensation?

04. June 2005 by jeremy
Categories: E-commerce, Phishing, Security