Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

NZ banks demand a peek at customer PCs in fraud cases

If they don't get a look, the complaint may not get a listen

June 26, 2007 12:00 PM ET

Computerworld New Zealand - Banks in New Zealand are seeking access to customer PCs used for online banking transactions to verify whether they have enough security protection.

Under the terms of a new banking Code of Practice, banks may request access in the event of a disputed transaction to see if security protection in is place and up to date.

The code, issued by the Bankers' Association last week after lengthy drafting and consultation, now has a new section dealing with Internet banking.

Liability for any loss resulting from unauthorized Internet banking transactions rests with the customer if they have "used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and antispam software on [the] computer, are up-to-date."

The code also adds: "We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your secure information in accordance with this code.

"If you refuse our request for access then we may refuse your claim."

InternetNZ was still reviewing the new code, last week, executive director Keith Davidson told Computerworld.

"In general terms, InternetNZ has been encouraging all Internet users to be more security conscious, especially ... to use up-to-date virus checkers, spyware deletion tools and a robust firewall," Davidson says.

"The new code now places a clear obligation on users to comply with some pragmatic security requirements, which does seem appropriate. If fraud continues unabated, then undoubtedly banks would need to increase fees to cover the costs of fraud," he says, so increasing security awareness and compliance in advance is probably the better tactic for both banks and their customers.

"Bank customers who are unhappy with the new rules may choose to dispense with electronic banking altogether, and return to dealing with tellers at the bank. But it seems that electronic banking and in particular Internet banking has become the convenient choice for consumers," Davidson says.

The code also warns users that they could be liable for any loss if they have chosen an obvious PIN or password, such as a consecutive sequence of numbers, a birth date or a pet's name; disclosed a PIN or password to a third party or kept a "written or electronic record" of it. Similar warnings are already included in the section that deals with ATM and PINs for Eftpos that was issued in 2002.

There is nothing in this clause allowing an electronic record to be held in a password-protected cache -- a facility provided by some commercial security applications.

For their part, the banks undertake to provide information on their websites about appropriate tools and services for ensuring security, and to tell customers where they can find this information when they sign up for Internet banking.

"One issue we have raised with the Bankers Association in the past is that banks should not initiate email contact with their customers," Davidson says.

The code allows banks to use unsolicited email among other media to advise of changes in their arrangements with the customer, but Davidson says they should only utilize their web-based mail systems.

"It is hardly surprising that some people fall victim to phishing email scams when banks use email as a normal method of communication, and therefore email can be perceived as a valid communication by end users," he says. 


Reprinted with permission from

For more news from Computerworld New Zealand, visit its Web site.Story copyright 2006 Computerworld New Zealand. All rights reserved.

Jump to comments

banks in new zealand

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...