funsec mailing list archives
Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Wed, 27 Jun 2007 13:25:43 -0400
Interesting - I wonder how long before online merchants subject to the PCI DSS will transfer liability to users. From the PCI to the Processors to the Auditors to the Merchants to the Consumers - what happened to "the customer is always right" ? On 6/27/07, Fergie <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jevans: Where ever you are, you owe me a beer. I told you that the liability issues would start to shift more towards the consumer to prove they are not at fault. And it _will_ get worse. Bet on it. Via Computerworld.co.nz. [snip] Banks are seeking access to customer PCs used for online banking transactions to verify whether they have enough security protection. Under the terms of a new banking Code of Practice, banks may request access in the event of a disputed transaction to see if security protection in is place and up to date. The code, issued by the Bankers' Association last week after lengthy drafting and consultation, now has a new section dealing with internet banking. Liability for any loss resulting from unauthorised internet banking transactions rests with the customer if they have "used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and anti-spam software on [the] computer, are up-to-date." The code also adds: "We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your secure information in accordance with this code. "If you refuse our request for access then we may refuse your claim." [snip] More here: http://computerworld.co.nz/news.nsf/news/FDA3CE33D73B5B82CC257302000B0EE8 - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) wj8DBQFGgpg9q1pz9mNUZTMRApWTAJ9pjNomy2oQjbldjFGEHg2gH0g18wCg4cb9 1pHQpoXboGgztQoo566EC2A= =MFlr -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-- B.K. DeLong (K3GRN) bkdelong () pobox com +1.617.797.8471 http://www.wkdelong.org Son. http://www.ianetsec.com Work. http://www.bostonredcross.org Volunteer. http://www.carolingia.eastkingdom.org Service. http://bkdelong.livejournal.com Play. PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE FOAF: http://foaf.brain-stream.org _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Fergie (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases B.K. DeLong (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Blue Boar (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Jim Murray (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Gadi Evron (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Nick FitzGerald (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Bill Weiss (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases B.K. DeLong (Jun 27)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 27)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Valdis . Kletnieks (Jun 27)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 28)