UK Banks Weasel on IT Security!
According to an article on The Register, the UK Banks want their customers to be responsible for losses incurred by customers if said customers have out of date anti-virus or anti-phishing or firewall protection. The Banking Code, produced by the British Bankers’ Association (BBA), and followed by most UK banks presumes that bank customers are competent to manage the appalling and ineffective security software that comes loaded on their PCs.
The code says: “If you act without reasonable care, and this causes losses, you may be responsible for them. This may apply, for example, if you do not follow section 12.5 or 12.9.”
And Section 12.9 says: “Keep your PC secure. Use up-to-date anti-virus and spyware software and a personal firewall.”
The new code came into effect at the beginning of April.
Good luck with that, my weaselly banking friends!
I’ll bet your customers really appreciate the service. Just try to pin the costs on even one person, then sit back and watch the negative publicity hit the fan.
One of my correspondents who gave me the heads up on this, writes:
“This seems totally unreasonable to me and I doubt that they would be able to enforce it. I prefer not to run AV on my PC, because it slows it down to a dead-stop at times and makes it almost unusable and I know that I am not alone in this.”
Gosh, you mean that, er…, AV, er…, sucks like a black hole at the event horizon.
“Similarly, firewalls, when set to any significant level of security, prevent access to so many sites that it becomes impossible to access anything without customisation that most users are incapable of. My ISP provides a level of protection and so does my email service and that is more or less what I rely on. Of course, it does depend whether you are running Windows, OS X or Linux.”
And, I might add, Windows with Vista’s irritating security features turned on.
“Most of the AV software used by consumers is either included in the package when they purchase their PC, or is free, or both and we both know how effective it is likely to be. I do hope that the UK banking industry is not relying on this to prevent losses online!”
Quite so. Personally I bank with HSBC. I rarely endorse companies I use, but HSBC gets my vote for online Internet Security. Its system is fairly bullet proof even if there’s a keylogger Trojan running on your PC recording your keystrokes. Anyway I use a Mac, which means that the probability of a virus getting in is lower than Hillary Clinton’s chances of becoming president – by which I mean zero.
But even so, I think this is all “a bit Ron Weasley” of the UK banks. The truth is that if AV companies were good at end-point security, the banks wouldn’t have to publish such unfriendly guidelines. If you want to know more about the failures of AV companies read the AVID postings.
British Bankers’ Association here. I’m sure we’re not being weaselly. Though we think you invented the word and we’re not sure what it means.
Let’s get this straight: it is still the case that customers are not responsible for losses on any of their bank accounts unless they have acted fraudulently or without reasonable care.
Yes we do advise customers to keep their computers secure by using up to date security software. And we also warn against responding to suspicious emails (as do banks).
But the key point is that failure to follow this advice will not necessarily result in a customer being asked to foot the bill for losses. Each bank will have its own approach and will assess each case on its merits. And the burden of proof will always lie with the bank to prove the customer has behaved unreasonably or fraudulently.
Surely we can’t say fairer than that?
The BBA response clarifies the situation to some degree, but we’ll see what happens if any bank gets heavy with even one customer. As regards the questioning of the word “weaselly”, it comes an old English joke. Have you not heard it?
Q: How do you tell the difference between a weasel and a stoat?
A: It’s not hard. A weasel’s weaselly recognised and a stoat’s stoatally different.
The UK banks story has a history. Such a policy was first floated about three years ago and is part of an ongoing policy by the banks. They are moving this way. It’s the reason they offer anti-virus software from their web sites. It’s offered of course in the form of links to the web sites of companies that are providing it for free!!! Now there’s a thing.