NZ Banks blame you

Slashdot is covering Computerworld‘s scoop of the proposed NZ banking code of practise that demands to see users PC’s in the event of a disputed transacton. Slashdot readrers don’t like it. at all. and neither do I.

From TFA:

“Liability for any loss resulting from unauthorized Internet banking transactions rests with the customer if they have “used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and antispam software on [the] computer, are up-to-date.”

The code also adds: “We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your secure information in accordance with this code.”

Three things.

1: I have a mac, and am pretty sure the banking clowns won’t know their way around it, and may even just say “no virus scanner” and deny responsibility.

I also access banking from within corporate netorks on corporate PC’s. Good luck with accessing those PC’s.

2: I travel a lot, and access internet banking from all sorts of  PC’s, including  internet cafes,  airport lounges, friends computers and the like. Many of those will have dodgy set-ups, but we live with what we can get.

3: You are my bank. I trust you with my money, but I do not trust you with my computer. You are not touching it.

I also do not trust banks’ own security measures. Why, for example, do I have a maximum of $10,000 per internet banking transaction and yet ‘no limit’ on telephone transactions. Do you not realise how easy it is to pick up my telephone transaction details, including my PIN? Think – cellphone scanners, phone records, home wireless phone, phone lines tapping, and you can even see the numbers I typed through the call on my cellphone. It’s all in the clear, while internet banking is encrypted from end to end.

The banks’ second line of security is ludicrous …. the fax. My bank once demanded that I make a transfer request by fax instead of internet banking. I was in South Africa, which is not the world’s most secure country for faxing from, but it did make me understand how those scammers get away with so much. What security measures do banks have over unsolicited faxes relating to my account? What is to stop someone else sending a fax in my name and demanding a transfer? How do I turn this ‘bank by fax’ feature off?

Fix your own nest before accusing your customers. And fix your websites’ UI as well please.