KEY POINTS:
New Zealand's main banks are moving quickly to hose down potentially damaging wording in a new code of banking practice produced by the New Zealand Bankers Association, wording that implies consumers will be responsible for the security of online banking.
Banks and industry figures including BNZ, RaboPlus and internetNZ now agree the code, made available in most bank outlets for the past month, needs changing.
"The new revision of the code did not undergo as much public consultation as it might have," says Rick Shera, a partner at ICT law firm Lown- des Jordan, who is working with internetNZ on the issues. "The NZBA now realises this and, in addition to specific submissions internetNZ has made, internetNZ is looking forward to working with the banks on general security and confidence issues."
The Consumers' Institute has also asked for some more changes.
Its concern, says technical writer Marc Wendelborn, is that the onus is on consumers to prove they are keeping their PCs secure. "We are concerned it does not offer consumers much in the way of protection," he says. "People could lose their money and through no fault of their own."
Wendelborn agrees consumers have a responsibility for their computer's security. "A lot of people do have anti-virus software but a large percentage do not," he says. The institute has tested internet security suites and "something always gets through".
The institute has asked the NZBA whether it is going to advocate one, or provide a particular type of software package, but the banks are not keen.
The banks have always been "quite reasonable" about reimbursing people hit by online scams, says Wendelborn.
In response to a week of robust debate on the new code, one bank industry source told the Herald on Sunday: "All the banks are saying they will look after customers.
"The reality is the banks will pay out - but if the banks go out and say that people will be getting online any old way without any security and we don't want that."
The main message from the banks is people should be investing in or ensuring they have an automatically updating anti-virus software package on top of their "two factor authentication card". This should prevent most security fraud, not just in banking but doing anything online from shopping to surfing websites.
But consumers do need to shoulder some of the responsibility, or at least to be seen to be trying.
"It can be difficult if not impossible to keep one's computer 100 per cent secure, but that does not mean that people should be able to abdicate all personal responsibility and not take any security measures at all," says Shera. "It is good the debate around the code is bringing the issues out into a wider public arena."
Liz Brown, the banking ombudsman, is expecting to be keeping a close eye on any problems with consumers and banks over the new code.
"The banks seemed to be reasonably efficient in getting on to fraud attacks early," she says. "It is quite important to recognise banks should not be responsible for everything."
Linley Wood, of ASB, says the new banking code is setting the "minimum standard". "We have our own terms and conditions, and we look at them all the time."
Diane Maxwell, manager of external relations at BNZ, says: "What we are asking the consumer to do is their 5 per cent. We can't physically protect their machine."
Maxwell says fraud has decreased significantly since 2005 when NZ became a target for hackers. It has now sunk to just 1 per cent of the 2005 level, while internet banking transactions had gone up from 38 million in 2003 to 82 million last year.
With it seen as a lesser threat, the debate around the new code is a wake-up call for people to ensure they are as protected as they should be.
The NZBA said on Friday it was considering proposals to clarify the internet banking provisions within the revised code
Chief executive Alan Yates says: "The association has listened to concerns expressed in the media and will be consulting with the key stakeholders about these proposals."
A timeframe had not been set for the review, but it is expected to take some weeks. Yates stresses banks have always reimbursed customers who are genuine victims of fraud, and banks have indicated this will not change.
