I’ve just read a recent article which says that from now onwards, online banking customers may be held responsible for losses if they have out of date anti-virus or anti-phishing protection. From the banking code, which you can download online, the provisions in section 12.11 clearly state that:
If you act without reasonable care, and this causes losses, you may be responsible for them. (This may apply, for example, if you do not follow section 12.5 or 12.9 or you do not keep to your accountâ€™s terms and conditions.)
And if you check up what section 12.9 says:
Online banking is safe and convenient as long as you take a number of simple precautions. Please make sureyou follow the advice given below.
- Keep your PC secure. Use up-to-date anti-virus and spyware software and a personal firewall.
- Keep your passwords and PINs secret.
- We (or the police) will never contact you to ask you for your online banking or payment card PINs, or your password information.
- Treat e-mails you receive from senders claiming to be from your bank or building society with caution and be wary of e-mails or calls asking you for any personal security details.
- Always access internet banking sites by typing the bank or building societyâ€™s address into your web browser. Never go to an internet banking site from a link in an e-mail and then enter personal details.
I feel that this is a fair move to make. A bank cannot possibly be held liable for a customers’ mistakes especially when such matters are entirely beyond their control. However, in order to be able to enforce this, the banks would also need to take steps in order to educate their customers on online security and also potentially equip their customers with the necessary technology.
As much as I’d like to take this opportunity to deride a certain popular OS for being so insecure that it’ll leak personal information out onto the Internet like a sieve, it would be very unfair for me to do so because, the operating system is only part of the equation in computer security. The weakest link in computer security has been, and always will be, human stupidity.
From the list of items in the document, it seems that the banks are familiar with all the common techniques of tricking customers into revealing their personal details. Phishing is a common method that has caught many people off guard. Spyware installed on a computer can easily intercept useful passwords and PINs and divert them to some unknown third party. In fact, cross site scripting is also a common technique that wasn’t listed but that is something that the banks are liable for, not the customer.
However, there is also a potential danger with this move, especially for customers that do not use the above mentioned popular OS. For example, in my case, there isn’t even an anti-virus software for me to install even if I wanted to, simply because there are essentially, no virii to clean. So, the anti-virus software clause may give the banks a way of weaselling out of their responsibility if I ever get my account drained.
So, I do wonder about the further technological implications of this. I can imagine a scenario where a class action suit might be filed against the maker of the above mentioned popular OS by disgruntled bank customers who had their online accounts drained due to security holes in the system software. If the numbers are large enough, it will definitely happen.
I can also see a good business opportunity for makers of security software. Personally, I think that security software is a dastardly scam. But, these companies can expand their offerings by partnering with selected banks to provide customers with free trial copies of their products, which will essentially force customers to buy their products.
Seriously, if we take basic precautions even when crossing the road, there really isn’t any reason not to take precautions when using a computer. It’s just that the education isn’t there yet. Ultimately, I do think that it is a good move, that will at least, increase public awareness in computer security, which will eventually lead to safe computer use and a safer Internet for everyone else as well.