FIPR slams UK web banks over security

[William Knowles <wk () C4I ORG>]

http://www.uk.internet.com/Article/100648

James Middleton
Oct. 11th 2000

The Foundation for Information Policy Research (FIPR) today launched a
bitter attack on the UK's internet banks. The think tank told
uk.internet.com that web banks are acting irresponsibly by not
developing adequate security and holding customers responsible for
online fraud.

The study - Ecommerce: Who Carries the Risk of Online Fraud? - argues
that UK internet banks fail to encourage the development of adequate
security measures, preventing the banking system from playing its
proper part in the development of ecommerce.

It criticises a number of banks, including Bank of Scotland, Egg and
Halifax, which claim that their systems are so secure that any fraud
must be the fault of customers.

According to FIPR, the crux of the online debate is based on a lack of
understanding about who should be responsible for security in the
online world. In standard transactions, if a bank debits a customer's
account from a forged cheque, it must credit the account.

Security measures, such as signatures on cheques, prevent this system
from being abused by making it impossible for customers to cancel any
debit by claiming that it is a forgery. But should the bank have a
cheque bearing a signature that is virtually indistinguishable from
the customer's "then the customer cannot expect to succeed by mere
unsupported denial", said the report.

The situation becomes more complex in an online environment, where the
bottom line is that customers will in effect have to rebut the
electronic evidence produced by the bank and in some cases may be
unsuccessful even if transactions are proven to be fraudulent.

The authors of the report, solicitor Nicholas Bohm and information
security consultant Brian Gladman, said the debate about
non-repudiation over electronic fraud between the bank and the
customer was the cause of much frustration between lawyers and
engineers "whose arguments pass through one another like angry
ghosts".

Apparently, this situation will force banks to rethink liability and
security issues in the new economy. "The provision of online services
is one of the most effective uses of the internet for ecommerce, and
is a valuable sector for just such enterprises. But when payment is
made through existing card systems it attracts the greatest risk to
merchants," said the authors.

You can get the full report here:
http://www.fipr.org/WhoCarriesRiskOfFraud.htm


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".