Aardvark Daily

Please visit the sponsor!

Put down the mouse and hand over your money

It's the evening of the 19th and you fire up your PC to go online so you can pay a few bills.

A few clicks of the mouse later you're asked to enter the login details for your online banking service.

Typeity-type, clickety-click and you're in.

What the?

The balance screen appears and instead of displaying the healthy balance that should be sitting in your account you find just a few tens of dollars.

That can't be right, your salary was supposed to go in the previous day and there should be thousands just sitting there waiting for disbursement -- what's going on.

A few more clicks and you find a list of transactions that shows transfers of pretty large amounts of money from your account to others that you don't recognise.

Well congratulations -- your account has been hijacked and effectively cleaned out by some evil little sod who may be half a world away and laughing all the way to his own bank.

Since online banking became very popular, this scenario has probably played out more often than banks or victims would care to admit. In fact, it's now such a common thing that the banks are exploring new ways of avoiding the losses -- and that's bad news for customers.

Please visit the sponsor!

They want rules in place that require you to have your anti-virus, anti-spam OS updates and firewall software totally up to scratch before they'll even consider reimbursing you for such losses.

On the face of it, this sounds only fair -- but is it really?

There are lots of folks (like myself) who choose not to use anti-virus software.

Quite frankly, most AV software is crap. It can place a huge overhead on your computer's processing abilities, it often gets in the way of legitimate operations and it's frequently an ongoing cost that many folks can't really afford.

And what if you prefer to stick with an older OS -- or perhaps anything other than the latest "all bells and whistles" version of Windows?

Could banks seek to refuse compensation if you're running Linux? What if that Linux isn't patched to the very latest revision or is simply not an approved flavour?

And what about the whole idea that you must hand over your PC to the bank for scrutiny before they'll even consider a claim for compensation? Should we have to give up our right to privacy -- especially if the fault may not be ours at all?

What about the case of the idiot whose PC is all patched to the max, running every bit of firewall and anti-spam software available but who responds to a phishing email by freely handing over their login details to a "look-alike" website?

Aren't these people are the biggest offenders when it comes to compromised bank accounts?

Surely idiocy ought to be a better grounds for refusing compensation than simply choosing to run a non-mainstream OS or preferring to observe meticulous discipline in respect to email attachments, etc rather than burden a PC with AV software?

It sounds to me as if the banks are taking a leaf from insurance companies and simply looking to take advantage of *any* excuse they can to avoid covering customer losses.

Here's a thought...

Any bank that relies solely on a login ID and password ought to be accountable for any and all customer losses that occur as a result of compromised accounts. After all, there are far superior security control systems now available than such simple authentication.

Some banks are using challenge-response systems, physical keys, etc. These all go a long way towards crippling the simple attacks that most evil sods use to get access to bank accounts. If a bank chooses not to use these methods then surely it is as much their fault as the customer's when there are losses.

I fear that if banks fail to live up to their end of the deal by using more advanced authentication techniques, lots of Kiwis will say "stuff you" and go back to "old fashioned" banking methods. The problem is that banks are now charging so much for over-the-counter transactions that some of those least able to afford "the latest and greatest" AV, OS and anti-spam software will also be those least able to give up internet banking.

Can someone remind me how much money our trading banks made last year?

Hmmm...

What's you're take on this?

Shouldn't the responsibility for account security rest not only with the customer but also with the bank itself? What level of authentication and protection against fraud does your bank offer for its online customers?

If the banks are going to try to dodge any liability, will you ditch internet banking altogether?

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Rank This Aardvark Page

Change Font