Banks mull customer liability for online fraud

Experts warn that banks may get tougher on consumers who do not do enough to protect themselves

IT security experts have warned that UK online banking customers could soon be liable for any money lost through identity fraud, if they do not take reasonable steps to ensure their PCs are secure.

At a roundtable event, Mark Murtagh, technical services director of web security vendor WebSense, argued that banks are keen to keep consumers confident of the safety of their online services, but if the costs of online fraud become too great they may "put responsibility on the end-user".

Murtagh added that the case for pushing more liability onto customers could grow stronger if banks also provide antivirus and anti-spyware protection.

"HSBC has already been considering it…there is the potential that the banks will go back to the consumer and say, “We've offered you good practice guidelines online and 12 months free antivirus. If you don't [make use of these] we refuse to pay out."

But Les Fraser, security advisor for the British Computer Society, said that banks could suffer a customer backlash if they take such steps. "If [financial] organisations get too strict on the security side there'll be a pushback on the consumer side," he predicted.

Responsibility for the safety of the internet as a platform for e-commerce and to access services should also lie with the government, Fraser argued.

"There is a responsibility on the individual…but the government should also treat e-crime much more seriously. Currently the penalties are not that great and trying to get the police authorities interested is [difficult]," said Fraser.

Richard Starnes, president of the International Systems Security Association, added that funding for specialist computer crimes officers in local police authorities is set to expire. This together with the recent absorption of the National Hi-Tech Crime Unit (NHTCU) into the serious Organised Crime Agency (Soca), means there is a "black hole" for the investigation of online crime, he argued.

"I don't believe they understood that this move would create the backlash it has," Starnes said. "We're living in a country that [effectively] doesn't have a national computer crime unit, certainly not on level two crime."