New code could make victims liable for bank fraud

Banking Code 2008 says consumers must have reasonable security measures in place

Security experts have warned that new banking rules could mean liability for online fraud losses falls on customers rather than the banks.

The Banking Code 2008, launched at the end of March by the British Bankers' Association (BBA), advises consumers to use "up-to-date anti-virus and spyware software and a personal firewall", and to access banking sites by manually typing the url into the browser rather than following links.

"If you act without reasonable care, and this causes losses, you may be responsible for them," the code warns.

This leaves the way open for banks and building societies to hold their customers liable for fraud losses, according to Yuval Ben-Itzhak of security vendor Finjan.

"Business customers should take steps to review their IT security arrangements and ensure that they have the needed solution to protect their IT resources," he added.
A spokesman from the BBA said that although every case would be evaluated according to the specific circumstances of the fraud, they would not ask customers "to do anything which would not normally be expected".

"The banks are looking for customers to take reasonable precautions – some banks will even provide [anti-virus] for them," he added.

But new research from Point Topic has revealed that only eight per cent of consumers feel safe using their computer at home.

Seventy eight per cent of consumers said they have some form of anti-virus software but just 53 per cent have a firewall, according to the research.

"This is actually a drop over the last 6 months. Our previous survey in the series returned 85 per cent and 56 per cent for users saying they have adopted those precautions,” says John Bosnell, senior analyst at Point Topic.