KEY POINTS:
Under a new code of practice introduced by members of the New Zealand Bankers' Association, online customers could find themselves out of pocket if they are defrauded and do not have up-to-date software.
Banks might ask to search a customer's computer - and the code says customers could be liable for online losses if they "failed to take reasonable steps to ensure that the protective systems such as virus scanning, firewall, anti-spyware, operating system and anti-spam software on your computer" were not up-to-date.
But not everybody is happy with the new code. The Consumers' Institute, internetNZ, Computerworld and NZ InfoTech have made submissions asking for clarifications and changes.
Bankers' association chief Alan Yates said the submissions were being considered but it would take a few weeks before the process was completed.
Consumers' Institute head Sue Chetwin said it was difficult for customers to know what the most up-to-date security was.
"Banks are expecting people to have the most up-to-date software on their PCs before accepting responsibility for any fraud, or they say they will look at it on a case-by-case basis. We think that puts too much onus on the consumer.
"The banks also reserve the right to look at your computer and that's too onerous as well.
"You could have all sorts of information on your computer and you wouldn't know whether the bank was able to protect that or not.
"They also say you can't keep your password electronically. These days with encrypted passwords that should be no problem."
Banks insist they will, as they always have, look at each online fraud case to determine liability.
But where does that leave consumers? Somewhat confused, said NetSafe executive director Martin Cocker.
"It's not really that clear [from the code] about what line you would cross where you would become responsible for the fraud.
"You talk about people taking reasonable steps, but that's certainly a term that can be argued and disagreed on. If banks are going to transfer liability to customers under certain conditions then they need to be very clear about what those conditions are so that customers can ensure they meet them."
He said protecting money was a joint responsibility of the customer and the bank.
"But online banking is a new environment for many consumers so we need to be realistic as an industry about how much responsibility we can push on consumers."
Banking Ombudsman Liz Brown said the principle of the code was fair, but it was not clear how it would work in practice.
"They have extended to internet banking the principle they apply to card and other sorts of banking which is, fairly roughly, if the customer takes reasonable care of their means of access to their bank account then the bank will carry the risk of unauthorised transactions.
"What the debate is about is what that level of reasonable care is.
"We are working in a new field. internet banking fraud is not huge in New Zealand and banks on the whole do a good job of catching it."
She said she had not received any complaints under the code, which came into effect on July 1.
A BNZ spokeswoman said banks could not make a customer's computer secure. "If somebody is going to get into their bank account, they won't get in through us, they will get in through the customer's PC. The weak link in the chain is the customer's PC, which is why we have said the customer has to take some action otherwise you are too vulnerable."
Kiwibank said it had no instances of online banking fraud in the last financial year. BNZ was the victim of 40 online frauds last year out of 136 attempts.
Last year, Westpac stopped 168 attempted internet frauds. Losses from online fraud totalled $127,000.
Online banking guide
All banks have state-of-the-art protection software. Most banks offer an added security step called two-factor authentication, which comes in different forms. One form, for example, is using your mobile phone to generate a unique code every time you want to make a transaction.
National Bank
* Online banking: Customer number and password required.
* Reimbursement for online banking fraud is decided on a case-by-case basis. "Where it's clear the customer did not aid the fraud and has suffered a loss, then we will reimburse that loss," the bank said.
* Website advice on combating online fraud.
* Offers two-factor authentication
ANZ Bank
* Online banking: Customer registration number and password required.
* Reimbursement for online banking fraud is decided on a case-by-case basis.
* Website advice on combating online fraud.
* Offers two-factor authentication.
ASB
* Access code and password required.
* Reimbursement for online banking fraud is decided on a case-by-case basis.
* Website advice on combating online fraud.
* Offers two-factor authentication.
Kiwibank
* Online banking: Access number and password required followed by an extra security step, which requires the customer to enter a code displayed on the screen.
* Reimbursement for online banking fraud is decided on a case-by-case basis.
* Website advice on combating online fraud.
* Currently trialling a type of two-factor authentication in which pre-selected questions are emailed to the customer and the customer gives answers.
BNZ
* Access number and password required.
* Reimbursement for online banking fraud is decided on a case-by-case basis.
* Website advice on combating online fraud.
* Offers two-factor authentication
Westpac
* Customer ID and password required.
* Reimbursement for online banking fraud is decided on a case-by-case basis.
* Website advice on combating online fraud.
* Does not offer two-factor authentication.
