Banks want lax customers liable for Internet fraud

Code of Conduct under review

Australian banks want customers to be more accountable for online fraud as part of a review of the Electronic Funds Transfer (EFT) code of conduct.

The financial services industry claims customers play a huge part in thwarting cyber crime because most fraudulent activity can be attributed to compromised computers.

Today, the exponential rise of phishing and other sophisticated threats such as invisible Trojans and viruses are a very real threat to the global banking industry.

And while the convenience of online banking offers a massive 'cash-cow' and huge savings for the industry, the cost of online fraud is increasing and according to security vendor, TrustDefender, is getting out of control.

This is despite moves by most countries to strengthen anti-money laundering legislation, terrorist financing laws and stiffer penalties for cyber crime.

A discussion paper released by the Australian Securities and Investment Commission (ASIC) refers to lobbying by the financial services industry to make customers liable for Internet fraud if they do not install minimal security measures on their computers, or if they respond to phishing attacks with "extreme carelessness."

The industry's keen interest in online fraud is a far cry from a few years ago when the banks were busy downplaying the risks involved in online banking.

The Australian Bankers Association (ABA) was unavailable to comment on the discussion paper.

TrustDefender CTO Andreas Baumhof said there is no question that banks have invested heavily in security infrastructure that protects data once it is inside the banks control, however, they have failed to educate users.

He said customers do have a duty of care when it comes to the security status of their PC.

"This is where the real dilemma arises. Nobody - apart from security specialists - can know for sure whether or not his or her PC is safe," Baumhof said.

"It is important that people ask themselves some very important security related questions such as, Do I have my Windows update turned on? Is my anti-virus scanner up-to-date? Have I checked the fingerprint of the SSL certificate? Is my DNS Server properly configured?" he added.

Baumhof warned not to assume security vendors are the solution to the problem.

"Unfortunately, the reality of the situation is quite brutal. Despite the fact that security solutions are cumbersome and still rely mainly on blacklists and heuristics, most have a complicated update mechanism and are therefore unable to detect the most sophisticated Trojans," he said.

"Anti-virus software has been available for more than 10 years, yet viruses and Trojans are still incredibly successful.

"Despite all anti-phishing efforts, attacks are still highly successful which was proven in the recent Myspace phishing attack where more than 60,000 user identities, e-mail addresses and passwords were stolen."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ABAAustralian Securities and Investment CommissionAustralian Securities & Investment CommissionHISSophosSpeedTrustDefender

Show Comments