Aardvark Daily

Please visit the sponsor!

InternetNZ, the banker's lapdog?

What is InternetNZ playing at?

According to reports in today's media, they've decided to tone down their response to the new Banking Code of Practice that came into effect last month.

Instead of demanding that banks shoulder their share of responsibility by providing something a whole lot more secure than just a name/password authentication, they've gone all wimpy.

While it's true that some banks have gone the extra mile to protect consumers through the use of key-generators and SMS-based confirmation systems, others (such as Westpac) are sorely lacking in their own authentication systems.

Is it really fair therefore, if the bank can't be bothered providing "state of the art" systems to protect users, that those users be left carrying the can when/if some evil little sod (ELS) manages to discover their login ID and password?

If Westpac put half as much effort into beefing up its own childishly inadequate login system as they obviously have in trying to find ways to avoid compensating victims of this substandard authentication method then I suspect we'd all be happy.

Right now, the banks are effectively trying to tell computer users what they can and can't use in the way of an OS and related security software. That's just not on!

A good front-end to an online banking system will be immune to the kind of attacks that a trojan or other spyware might result in. This demands two-factor authentication.

Why aren't InternetNZ rattling cages and making serious noises about Westpac's own inadequate systems -- instead of effectively siding with the industry and against computer users?

Please visit the sponsor!

Indeed, having "the most popular" OS, browser and anti-virus suite actually makes you a *bigger* target than if you're using some other far less commonly used platform.

And just where do we find a list of what software is considered acceptable by the banks and what's not?

If I'm running Windows 2000 -- is that considered "up to date" enough to indemnify me against online banking fraud?

What about Windows NT? 98 Millennium Edition? 98SE? OS/2? (after all, that last one was good enough for ATM use for a long, long time).

And what if my anti-virus database is two weeks out of date? A month? Two months?

If consumers aren't give very clear guidelines as to when they suddenly start carrying 100% of the risk for using online banking then how are they to know? Or perhaps this lack of information serves the banks "bullet-dodging" code of practice well. After all, as it stands, they could claim that just about any computer was "inadequately secure" because it's something done entirely at their own discretion with no fixed reference.

Surely it would be a lot safer just to ban stupid and gullible people from using internet banking. You know, the kind of people who open unsolicited email attachments, respond to those stupid lottery scams and spend half their day surfing malware-infected porno sites. They're surely the largest threat to online security.

I'm sorry but I really think this is a massive cop-out by the banking industry and InternetNZ.

Let's face it, ATMs and online banking are saving the banking industry a small fortune in staffing costs. The amount of money they're saving every day by having customers use internet banking rather than over-the-counter transactions must be many, many thousands of times the losses they experience due to online fraud.

If this was any country other than NZ (where the average person really doesn't give a stuff until they're directly affected) I'd suggest that we all cease and desist from using online banking and instead, perform every transaction over-the-counter. As soon as the banks (especially Westpac) saw queues stretching out the door every day you can guarantee that they'd revisit their lame new code of practice.

I am a Westpac customer but, unless they start offering two-factor authentication or drop their demands to dictate what software *I* use then I'll be switching to a far less risky banking environment -- and I'd urge others to do the same.

As for InternetNZ -- well I can't complain too much because I'm not a financial member but, if they're going to be lap-dogs to the banking industry, I doubt I ever will be.

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Rank This Aardvark Page

Change Font