Bank customers may be obliged to bear the bill for fraud against their accounts, under proposed changes mulled by banks, the UK government and GCHQ.
Under the plans, individuals or companies with poor online security could be “frozen out of banking services or even excluded from the system whereby banks compensate customers whose accounts are hacked”, the Financial Times reports.
UK banks - unlike those in the US - routinely cover the costs of online fraud, at least in cases where customer negligence (such as sharing PIN codes or cards with third parties) is excluded. Pushing the burden of fraudulent losses towards customers is likely to be hugely controversial. Bankers’ bonuses in the wake of taxpayer-funded bailouts of several banks in 2008 have already caused a huge series of rows and radical changes in liability for online banking fraud through phishing and banking trojans is likely to be even more contentious.
The circumstances suggest that ministers are floating an idea they already know is controversial, even politically unpalatable. If anything comes to light it's likely to be much diluted.
Some security vendors - normally cheerleaders for UK government security plans - have already expressed opposition to the possible banking liability shake-up.
Olov Renberg, the founder of behavioural biometrics firm BehavioSec, commented: “It troubles me that bank customers could soon be forced to cover the bill and take liability for fraudulent activity on their accounts. Time and time again government schemes and individual enterprises have tried to teach consumers the best practices of operating online, yet online fraud continues to rise – why?
"It’s not because of a lack of awareness. Quite simply, security is no longer a consumer’s number one priority when operating online. Today we prioritise convenience online – meaning laborious tasks such as multiple authentication processes are often side-stepped.
“If banks want to reduce fraud for their customers, they need to avoid making consumers the gatekeepers of their own security. If they [banks] are selling consumers convenience and always-on availability, then they need to take on the bulk of the security burden themselves and implement security measures that accurately authenticate users without forcing them through frustrating, inefficient authentication barriers,” he added.
A study by British industry group Financial Action Fraud shows that losses stemming from financial fraud involving payment cards, cheques and remote banking hit £755m in 2015, up 26 per cent on the previous year. ®