Banks should not refund customers who fall victim to cybercrime offences because it "rewards" them for poor internet security, the Metropolitan Police Commissioner has said.
Bernard Hogan-Howe made the remarks to the Times ahead of planned measures to include cybercrime statistics in official criminal figures, a change which could double official recorded cases of crime.
He says that by reimbursing customers who fall victim to online crime, the banks are effectively incentivising consumers who fail to update anti-virus software and improve passwords.
"If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour," he told the broadsheet. "The system is not incentivising you to protect yourself. If someone said to you, ‘If you’ve not updated your software I will give you half back,’ you would do it.”
GCHQ estimates that 80% of cybercrime could be prevented by better passwords and regularly updated security software.
According to a survey by Norton Cybersecurity last year, two in five (44%) UK consumers have fallen victim to cybercrime but about the same number (42%) do not change their passwords after such an attack.
City of London Police chief Adrian Leppard last year said that up to 80% of online crime goes unreported to the authorities.
Speaking at a Tech UK conference, Leppard said that the vast gap between what is reported and the actual threat level arises "primarily because banks are happy to write off incidents as costs, thereby costing the consumer collectively and funding ongoing cyber-criminality".
Hogan-Howe's comments have been criticised by consumer group Which?. Executive director Richard Lloyd says: "With online fraud increasing, this is an astonishingly misjudged proposal from the Met Police Commissioner. The priority should be for banks to better protect their customers, rather than trying to shift blame on to the victims of fraud."
The Met has since moved to defend Hogan-Howe, arguing that although his comments were reported fairly in the Times, it is "wrong" to interpret them as proposal that fraud victims should not be compensated.
"His comments focused on consumers who don't take basic precautions such as adequate password precaution and security measures - not a blanket proposal for all online fraud victims," states the Met. "It has a parallel to insurance companies who do not pay out on claims if the front door is not secure or car left unlocked. To suggest otherwise is misleading."