Customers may well ask what chance they have if even the bosses of the banks are victims of fraud. Marcus Agius and Andy Hornby can't simply ignore the problem can they? What do shareholders really think?
There have been rumblings from downunder about focusing on social networking sites as the root of the problem. Cobblers.
A lot of social networking sites are suffering from significant levels of account hijacking. Many 'members' on sites are no longer active, or not by the original identity. Kids get their account hijacked and switch to a new site or 'identity' because it's
often easier and faster than trying to reclaim the original profile (often a 2 week wait). It's obvious that
they have a problem, but they aren't the cause of Marcus Agius or Andy Hornby's problem.
As for
pointing the finger at social networking sites, that's a sign of desperation.
The flaws in the financial systems offered by banks is what fuels the whole identity theft problem. If it wasn't so easy to get at someone's money then the information on the social networking sites would merely be valuable to marketers, rather than fraudsters
too. If banks believe their two factor authentication is so effective then why are they worried about social networking sites security?
If banks think they can ignore the fact that all a fraudsters requires is the personal information of a customer (or even the boss of a bank or two) in order to get the bank to give them their money, aren't they being irresponsible?
Blaming everyone else is worse than sticking your head in the sand and ignoring it. The root of the problem is with the financial service providers.
Banks created the problem and continue to provide fraudsters with the means to make easy monetary gains at their customers' expense. They did so in order to make more profit. They are responsible.
This is not to say that social networking sites don't have their own problems and even auction sites like Ebay are
rife with account hijacking. Many non-commercial sites have a very cavalier attitude to security and I'd like to see some university studies quantifying the real extent of account hijacking (and active as opposed to 'dead' accounts on both social and auction
sites).
Of real concern on social networking sites is the potential for predators to impersonate peers in their target groups. Despite Australia being in a unique position to lead the way in identity management both in the financial services sector and online, however
the financial industry certainly lacks the vision and leadership to deliver.
Whilst all internet sites should have the best possible security, banks must realise the actual conditions in the real world and cater to those with their transactions and processes, not expect everyone else to do things differently in order to mitigate
their own system short-comings.
This sounds like a back door attempt by the banks to get others to take on what is their own self-created problem, and possibly stifle any precursors to bank competition from flourishing.
Until Auscert and the banks recognise that a financial system which allows banking fraud merely by knowing either the card or account number or the personal details of a banking customer is the root cause of much of the personal data theft, and actually
fixes it, both probably shouldn't be pointing the finger.
It'll take more than Auscert and a few Aussie banks to fix the problem even if all the social networking sites had 10 factor authentication and unbreachable security.
It will be interesting to see what happens when some of the financially oriented social networking and account aggregator sites start providing better security than that which is provided by the banks.
Isn't that the holy grail? Googlebanking for instance might be a bit of a mouthful to try and snap up in a defensive takeover. I doubt any of the banks could even manage YahooBank. We're talking real money here, what's the value of digital trust?