Blog article
See all stories »

An article relating to this blog post on Finextra:

Lords calls for law to make UK banks liable for online fraud

The UK's House of Lords is calling on the government to make banks legally responsible for losses incurred by customers through electronic fraud.

See article

Are the Banks all to blame?

 As if the banks don’t have enough on their plates! Credit crunch, rising consumer debt, the cost of compliance and now - being called upon to be made liable for losses incurred by customers through electronic fraud.  Admittedly there are occasions when banks, quite correctly, have been fined for opening up their customers to the risk of fraud. Instances where data has been lost, for example through the careless actions of an employee, but banks are not the only culprits in this regards – Government departments too have been found to be careless on occasion. Significant investment has already been made by the sector over the past few years in combating fraud. Real-time card fraud detection using advanced analytics; biometrics; Chip and PIN, security dongles and random generated passwords are just some of the methodologies deployed to protect customers. Behind them sit complex, sophisticated analytics and modelling engines, constantly evolving encryption engines and an entire industry dedicated to protecting the customer. On the other side of the fence sit the fraudsters. Teams of highly intelligent computer experts, who are trying to keep pace with the developing technology – if not a team, then possibly a student without a real life! But there is a third element in this – the actual customer themselves. This is probably the weakest link in the security chain. We have all experienced phishing attacks. Ah yes , one thinks as one opens the mail, I bank with you therefore I will gladly share my personal details, PIN number, date of birth and mothers maiden name with you. How many times have banks stated that they, nor their employees, would seek anything as personal as a PIN number?  Why should the banks be made culpable when the actual issue may be the consumer themselves. It is not necessarily the banks fault but may be the naivety of the individual that causes the problem, despite best efforts to educate them.



Comments: (5)

A Finextra member
A Finextra member 09 July, 2008, 12:03Be the first to give this comment the thumbs up 0 likes Agreed, fault may lie with Customers too. But what do you want to propose? Are you suggesting to restrict liability clauses by banks? Are you asking consumer education be steped up? Are you suggesting customers to invest in web-seucrity devices? What is the action plan? Request to elaborate.
A Finextra member
A Finextra member 09 July, 2008, 13:03Be the first to give this comment the thumbs up 0 likes


I personally think banks should be put liable for the frauds that has happened in their bank either online, human error or in any other way. People keep their personal belongings at bank so that they will be secure. But I think what banks should do to make their system secure is to include new technologies like biometrics (as desktops and laptops of Gen Y… come with new technology) which will extended even for online banking so that there will be minimum risk involved. If after following all the instructions still the customer has been looted by an intelligent hacker then bank is liable. In that way both banks and customers will be happy, not everyone has biometric systems and if some fraud happens they can sneak away saying customer has not followed instructions otherwise they have to compensate customer. :)

A Finextra member
A Finextra member 15 July, 2008, 05:44Be the first to give this comment the thumbs up 0 likes

The customer is not to blame. They did not design the transaction system. The banks did.

Do you think the choice of whether a bank is responsible for it's customers money should be completely laissez-faire? Let the market and the consumers choose?

Of course I'd need to know a bank's policy in that regard, because it would influence any decision I made to do business or invest with them.  I wouldn't open an account and might not even except a cheque from one of their customers, and it would be risky to extend one of their customers credit. I'd be more likely to short them.

Is it actually 'banking' if the 'bank' has no liability and can let anyone steal your funds? After all, it's the bank's internet banking site.

Perhaps in the interests of banks which actually provide a traditional secure your money type banking service, any 'bank' which doesn't protect it's customers should preferably  be prohibited from using the word 'bank' in their name.

If any 'bank' is finding its too hard , maybe it's time for them to get out of the industry, before destroying any vestige of the trust built up over centuries.

Perhaps Las Vegas would be a more suitable place for those 'bankers' who would like to shift all the risk.

Definition of 'bank':

v. banked, bank·ing, banks To deposit in or as if in a bank.v.intr.1. To transact business with a bank or maintain a bank account.2. To operate a bank.

Phrasal Verb:

        bank on"To have confidence in; rely on". 

Perhaps modern banks fit this definition more:
1. A piled-up mass, as of snow or clouds.
A steep natural incline.
An artificial embankment.
The slope of land adjoining a body of water, especially adjoining a river, lake, channel or swamp.  

 It's a slipery slope to loss of confidence.

A Finextra member
A Finextra member 16 July, 2008, 16:40Be the first to give this comment the thumbs up 0 likes

My argument is purely that there are instances where the customer has to accept some responsibility for their actions, and the banks for their part need to protect their customers as much as possible.

Take phishing for example. Would you honestly, on request, hand over your bank account details, passwords and PIN numbers to a familiar looking stranger? This is effectively what you are doing when going onto that false website and type merrily away. The media has publicised the dangers of online fraud, and Banks stated that they would never email customers asking for account information. Making the banks culpible in this situation is the equivalent of blaming wine producers for drink driving!

Equally there are situations where the banks need to accept responsibility. Hack attacks can and do happen, one way to obtain customer data. Employees can obtain personal details and sell them on to fraudsters. Customer data can be left on trains by employees. These are clear instances where the banks need to put their hands up. The only grey area is whether the banks had sufficient security in place to protect the customer ie could a breach have been avoided given the current market technology available. How old are the security systems in place? What kind of investment has the bank made? In these instance the banks still carry the can.

Its about accepting responsibilities for actions. Customers facing up to accepting responsibility for their actions, and Banks for theirs.

A Finextra member
A Finextra member 18 July, 2008, 12:19Be the first to give this comment the thumbs up 0 likes

Its a good thing to make banks liable for online fraud. News articles concerning card fraud or online fraud truly make my eyes roll. It's truly exasperating to know that there is an easy and ideal solution that's just not being used. It is about the same as knowing there is a vaccine for a 'flu' that's just not being used.

Now hiring