Security News > 2000 > October > FIPR slams UK web banks over security
http://www.uk.internet.com/Article/100648 James Middleton Oct. 11th 2000 The Foundation for Information Policy Research (FIPR) today launched a bitter attack on the UK's internet banks. The think tank told uk.internet.com that web banks are acting irresponsibly by not developing adequate security and holding customers responsible for online fraud. The study - Ecommerce: Who Carries the Risk of Online Fraud? - argues that UK internet banks fail to encourage the development of adequate security measures, preventing the banking system from playing its proper part in the development of ecommerce. It criticises a number of banks, including Bank of Scotland, Egg and Halifax, which claim that their systems are so secure that any fraud must be the fault of customers. According to FIPR, the crux of the online debate is based on a lack of understanding about who should be responsible for security in the online world. In standard transactions, if a bank debits a customer's account from a forged cheque, it must credit the account. Security measures, such as signatures on cheques, prevent this system from being abused by making it impossible for customers to cancel any debit by claiming that it is a forgery. But should the bank have a cheque bearing a signature that is virtually indistinguishable from the customer's "then the customer cannot expect to succeed by mere unsupported denial", said the report. The situation becomes more complex in an online environment, where the bottom line is that customers will in effect have to rebut the electronic evidence produced by the bank and in some cases may be unsuccessful even if transactions are proven to be fraudulent. The authors of the report, solicitor Nicholas Bohm and information security consultant Brian Gladman, said the debate about non-repudiation over electronic fraud between the bank and the customer was the cause of much frustration between lawyers and engineers "whose arguments pass through one another like angry ghosts". Apparently, this situation will force banks to rethink liability and security issues in the new economy. "The provision of online services is one of the most effective uses of the internet for ecommerce, and is a valuable sector for just such enterprises. But when payment is made through existing card systems it attracts the greatest risk to merchants," said the authors. You can get the full report here: http://www.fipr.org/WhoCarriesRiskOfFraud.htm *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".