Online Banking: liabilities

Wednesday, December 30th, 2009

I was surprised to find that the Co-operative Bank’s policy is not as evil as “Security Engineering” would suggest banks’ policies are. Specifically:

“We will repay you any money that is taken from your account due to: any error by our staff or our systems, a computer crime which is not found and stopped by our security system.”

Whereas “Security Engineering” suggests that, in general, UK banks say ‘you are an evil criminal’ if a computer crime against your account succeeds.

Halifax says:

“If a customer of our online service is a victim of online fraud, we guarantee that they won’t lose any money from their account and will always be reimbursed in full.”

But I suppose the “our system is secure and so online fraud is not possible so you are a criminal” trick might work there…

Possibly this means that banks’ policies are improving as they realise that tackling fraud is their responsibility. (Perhaps they read the book, which is very good.)

From the point of view of login security, the Co-operative would give me a chip and PIN card reader to verify online transactions, which gives better security than Halifax’s username + password + some random fact that would be very easy to find out using something like Facebook (though there are flaws in such a chip and PIN system, detailed in the book).

Only 5 chapters left to read… :-)