[LINK] NZ Passes Liability for Insecurity to Consumers

Roger Clarke Roger.Clarke at xamax.com.au
Tue Jul 3 11:34:15 AEST 2007 

[NZ's slack-and-idle regulator has permitted NZ banks to impose 
increased liabilities on consumers for ePayments that go wrong.

[The consumer movement in Australia is fighting hard to make sure 
that the Australian banks don't get away with such nonsense, as ASIC 
reviews our Code here.

[See:

Review:
http://www.asic.gov.au/asic/asic.nsf/byheadline/Review+of+the+Electronic+Funds+Transfer+Code+of+Conduct+2007?openDocument

Submissions:
http://www.asic.gov.au/asic/asic.nsf/byheadline/EFT+Code+review+2007+submissions?openDocument

Online fraud targeted
Patrick Gray
July 3, 2007
Next Section of SMH and Age
http://www.smh.com.au/news/security/online-fraud-targeted/2007/07/02/1183351124220.html

Companies at the frontline of the fight against computer-enabled 
fraud are trying new ways to curb this growing threat.

Banks in New Zealand may no longer automatically reimburse victims of 
internet banking fraud if their computers are found to be insecure 
and eBay has revealed it sent fraud investigators and computer 
equipment to Romanian law enforcement agencies in an attempt to curb 
the country's high fraud rate.

Until now, banks have reimbursed the victims of internet banking 
fraud. However, under New Zealand's new banking code of practice, 
which came into effect on Sunday, financial institutions will reserve 
the right to conduct a forensic analysis of fraud victims' computers. 
If the system lacks operating system updates and security software, 
they may deny reimbursement claims.

"The code clarifies responsibilities," Bankers' Association chief 
executive Alan Yates says. "The customer has a responsibility to keep 
their identity and information safe. (They) may be liable if they 
breach the banks' terms and conditions."

Consumers will also forfeit compensation if they "negligently" 
disclose their PIN or internet banking details.

However, Mr Yates argues the code is not a radical departure from 
existing policy: "Banks have in the past willingly compensated 
victims of fraud; there's no intention to change that practice."

The Australian Bankers' Association considered endorsing a similar 
code in June, but decided against it. "It is very important for our 
bank customers to have faith in the security of the system, and for 
that reason we have stuck with our existing position," the ABA's 
chief executive David Bell says.

Meanwhile, eBay is training Australian police in online fraud 
investigation techniques. The company hosted a series of workshops in 
Sydney last week, attended by 48 law enforcement agents.

Matt Henley, senior manager of eBay's Technical Investigations and 
Analysis Group in the US, says more and more of his investigations 
led to Romania. "We decided as a company to form a team to address 
this issue."

Many Romanian law enforcement and court officers were not computer 
literate. "It was an open environment where (criminals) could go in 
and commit these crimes without any recourse because the people that 
are responsible for going after them just did not have the ability to 
understand the crimes," Mr Henley says.

Computer-literate police often had to conduct investigations from the 
same internet cafes used by criminals to commit online crimes.

Over three years, the company trained police and donated computers 
and internet connections to police stations. eBay claims its 
initiative in Romania has resulted in hundreds of arrests.

Companies affected by fraud are reluctant to disclose fraud figures. 
eBay's director of trust and safety and former AFP officer Alastair 
MacGibbon claims this is partly because the media sensationalises 
online crime.

"Spurious figures get such a good run," he says. "All that cuts 
through is some alarmist figure. You put the words 'internet' and 
'crime' in one sentence and people become irrational. You cannot get 
any semblance of equal or fair discussion."

He says eBay's survival and growth prove fraud is a minor issue and 
the level of fear around internet crime is disproportionate to the 
threat.

However, official figures suggest online fraud is growing. A 
stockmarket filing published by US-based share trading company 
E*Trade in November, 2006, showed the company's online fraud-related 
losses increased 97 per cent to $US45.7 million ($A53.8 million) and 
55 per cent to $US101.9 million for the three and nine months ended 
September 30, 2006, respectively, compared to the same periods in 
2005.


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list