UK Banking Customers Could be Forced to Pay for Fraud

UK Banking Customers Could be Forced to Pay for Fraud

UK consumer and corporate banking customers could find they have to foot the bill for fraud themselves if they haven’t taken adequate security measures, according to new plans being mooted.

The Bank of England, GCHQ and the government are discussing the idea, which could also involve shutting out such individuals from banking services altogether, according to the FT.

At present in the UK, and most western countries, the banks foot the bill for fraud even if it came about because the victim failed to adequately secure their personal information and/or keep their computer up to date with security software and patches.

Fraud is big business these days, with online banking losses jumping 64% last year to reach £133.5 million, according to Financial Fraud Action UK. In addition, the value of e-commerce fraud jumped 19% from 2014 to 2015 to reach £261.5 million.

A new study from the UK Fraud Costs Measurement Committee (UKFCMC), Experian and PKF Littlejohn released this week claimed that fraud in total costs the UK economy £193 billion per year.

Plans to push more liability for fraud onto banking customers have been mooted for years, but they’ve proved controversial – not least because consumer groups claim it would disadvantage the elderly and those less capable of protecting themselves.

Any move of this kind would have to go hand-in-hand with greater help from financial institutions on internet security.

Javvad Malik, security advocate at AlienVault, described the plan as a “bad idea.”

“It will be difficult, if not impossible to agree what an acceptable baseline of security is. Will banks mandate which operating systems and browser versions are relevant? For example, will they block any visitors running windows XP?” he added.

“If that is the case, then the tables can very easily be turned if, in court, a customer asks a bank to demonstrate that all their systems involved in the online banking ecosystem meet the same level of base security controls. With many banks running legacy systems, it will be a difficult case to make – not to mention can potentially expose confidential information about the bank’s setup.”

Banks are best placed to invest in fraud detection and prevention at their end, he argued.

Source: Information Security Magazine