[LINK] Liability for Internet Banking (was Re: Suncorp security (Alan L Tyree)

Craig Sanders cas at taz.net.au
Tue Feb 20 07:42:05 AEDT 2007 

On Mon, Feb 19, 2007 at 04:45:39PM +1100, Howard Lowndes wrote:
> Alan L Tyree wrote:
> >Phishing, disclosure under threat, and other similar problems are
> >interesting. The Code does not address them directly, but the
> >Banking Ombudsman has consistently held that these are not voluntary
> >disclosures and so the consumer is not at "fault".
>
> I can understand that disclosure through keystroke or mouse movement
> loggers could possibly be classed as non-voluntary, but plain simple
> phishing is very voluntary and I believe the banks should be allowed
> to step away from it if it can be proven to be the conduit or it
> cannot be proven that another conduit was the likely cause.

so if you're conned, you're not a victim of crime?  you're a voluntary
participant?


personally, i think there's a much better case to argue that the banks
can evade liability when the customer has been negligent in securing
their computer....and even that is very dodgy.


> If the computer user is to be allowed to avoid liability under this 
> basis then the onus should be on that computer user to demonstrate that 
> they took all reasonable precautions to achieve a secure computer 
> environment.  IMO the cop out is just too broad to be acceptable.

of course, that means not using MS Windows for internet banking.  since
there are several viable alternatives (including linux and mac os x), it
is a perfectly reasonable precaution.

except that the banks have shot themselves in the foot there by
recommending, and sometimes insisting, that customers use MS Windows and
IE.

> >The main problem for the immediate future is that many new players
> >will be offering electronic financial services. They are unlikely to
> >subscribe to the Code willingly. The banks didn't do it willingly
> >either, but it was subscribe or face legislation. I don't have any
> >idea how this problem will play out.
>
> New players should be told quite clearly - agree to compliance, or no
> licence.

yep.

craig

-- 
craig sanders <cas at taz.net.au>

More information about the Link mailing list