KEY POINTS:
The touchy subject of whether consumers with insecure computers should be made liable for losses through online banking scams has reared its head again after creating a stir in Australia earlier in the year.
In January, the Australian Bankers Association denied its member banks were lobbying the Australian Securities and Investment Commission to give them the go-ahead to pass liability for losses onto consumers.
This covered those who hadn't used the right software to protect their computers from the type of phishing and key logging scams that the banks are increasingly faced with.
That ABA assurance put the argument to bed. But the newly drafted New Zealand Bankers' Association's Code of Banking Practice puts the issue back on the agenda.
It's a little sub-section in the section titled "Your liability" which is causing concern.
You may be liable for your online banking losses if "you have failed to take reasonable steps to ensure that the protective systems such as virus scanning, firewall, antispyware, operating system and anti-spam software on your computer are up to date," the code reads.
That potentially opens up a huge grey area that consumers shouldn't have to enter. The antivirus and online security is complicated enough without the banking industry setting vague minimum standards around how consumers should be protecting their computers.
As I wrote a couple of years ago in this column, the banks owe us security.
In this day and age, the banks are steering us towards internet services so they can reduce the costs of having physical branches and the staff to run them.
But they need to supply us with robust two-factor authentication to prevent our bank accounts from being emptied as Bruce Simpson describes here.
Because my bank uses two-factor authentication I have to key in a code that is text messaged to me as well as my username and password if I wish to withdraw more than $800 a day. It's a good system.
I pay for the cost of the SMS, but I'm happy in the knowledge knowing that the most that can be illegally taken from my account in a 24 hour period is $799.
The banks should focus on ensuring that every customer is doing this or using an alternative authentication system such as a USB card reader attached to the customer's computer. These devices should be given away for free to allow consumers to better protect themselves.
When it comes to phishing scams, this warning in the code on behalf of the banks is important for you to be aware of: "We will never send you an email asking you to confirm your security information or asking you to disclose your Password or security information by email."
Never enter your bank account details into anything other than the official internet banking page of your provider at a legitimate domain ie: starting with www.anz.com or www.bnz.co.nz etc.
Change your password regularly to avoid keylogging software being used to obtain your username and log-in electronically.
Demand a two-factor authentication system if one isn't in place.
The focus from the banks should be on improving the authentication processes of internet banking, not on shifting the liability to consumers.
The Australians have rejected that approach and so should we.
How secure do you feel using online banking? Would this liability clause in the code deter you from using online banking services?
