Dear ,

More than a month after the official deadline for submissions to ASIC’s review of the Electronic Funds Transfer Code of Conduct, the Australian Bankers’ Association has lodged its submission, arguing for wider uptake of the Code by industry participants, but no change to existing provisions regarding liability that protect consumers from online banking fraud losses.

The review process has been surrounded by controversy, with both Suncorp and Bendigo Bank initially arguing institutions should not be liable for losses in repeat-offender cases. Since then, both institutions have released “clarifying” statements arguing that there should be no immediate change in liability, and institutions should continue to educate their customers on ways to protect themselves.

The industry now appears to be singing from the one song book, with the ABA stating several times in its submission that no change to the current liability regime is required.

The question then remains as to how institutions will deal with customers that they argue have been educated, offered a second-factor of authentication, and then been defrauded a second or third time.

Suncorp says in this case banks should have the option of withdrawing online banking access, with the consent of the customer, until their IT security issues have been addressed.

Bendigo Bank says institutions should not be liable for “preventable loss” in cases where customers have been educated about the risks of online banking, encouraged to take up two-factor authentication, and then “willfully failed to implement security measures provided by the institution.”

And yet there is a very real concern among both Government and industry that any move to shift liability to consumers will have widespread implications on consumer confidence in Internet banking.

Payments body BPAY, which is owned by the major banks, argues particularly in the case of malicious software, consumers do not generally have the knowledge or skills to prevent losses.

It says the assignment of liability to consumers in the case of malicious software would undermine consumer confidence and consequently would undermine the entire online payments sector in the eyes of the consumer.

And therein lies the problem – what is seen “in the eyes of the consumer” as adequately protecting themselves online, may not be seen equally by the banking industry as an adequate measure. And this is where test cases and debates are yet to be had around when and if a consumer has contributed to the loss.

The ABA argues in its submission that the fast pace of change in the online fraud environment supports more frequent reviews of instruments such as the EFT Code. It has also suggested ASIC introduce and publicise a symbol that subscribers to the Code could display and use in documentation. Consumers would then be encouraged to question whether the provider of their EFT transaction subscribes to the Code.

What do you think? Should repeat-offenders be held liable? If institutions must toe the line and wear all liability would a symbol signifying an adherence to the Code help consumers feel more secure?

Kind Regards,
Charis Palmer
Managing Editor

Foresight Publishing's next industry briefing will explore sustainable banking.

Driven by corporate conscience, consumers or commercial reality? Find out at Green Banking 2007, Sydney June 28. 

Speakers/panellists have already been confirmed from:
Bendigo Bank, Ernst & Young, mecu, NAB, Savings & Loans Credit Union, and The Green Building Council

Secure your seat by registering today.
View the full program

Limited sponsorship opportunities still available. For more information call G Henshaw on 0411 888 471.

Endorsed by: