The Banking Association has quietly slipped a clause into its new Code of Practise, introduced last week, that banks should be able to access a customer's PC in a case of internet fraud. The idea is that if someone hacks your online banking password and steals money from your account, you - not the bank - could be liable if you have been using "a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and anti-spam software on [the] computer, are up-to-date". (Read Stephen Bell's full Computerworld story here.)

That's a very sweeping disclaimer. While it's pretty obvious that writing your PIN number on a sticky note in your wallet is failing your security obligation to your bank in that department, security software, and to what degree it's up to date, is a much more grey area. Losing your life savings for not keeping up with the blizzard of Windows update patches would be pretty rough.

Plus: Is the firmware firewall in your router enough, or do you have to install a software firewall? If so, is Windows' one-way firewall enough? And no antivirus maker immediately releases a fix for a new virus threat. How soon should customers be expected to hit their home PC and update their security software?

As my collegue, Computerworld editor Rob O'Neill points out: "I find security hard - imagine how pensioners feel? Or people with kids downloading stuff?" (Note that while Rob says he finds security hard - hey, I get confused too - he's no duffer. The kid's just finished his first podcast, featuring discussion of the new banking code, plus goodies like an interview with AUT radio astronomer Sergei Gulyaev.)

I can appreciate where banks are coming from as the amount of money stolen online continues to rise. Last year 3.5 million - yes, million, people in the US lost money to internet bank or credit card fraud. (Here, my bank, the ASB, has just reduced its online transfer limit from $800 to $300 a day in reaction to an email scam). And banks have been, until now, picking up the substantial tab. Still, it will be the instinctive reaction of many customers that banks should be able to somehow make their websites safer themselves, and an increasing number will just get turned off online banking altogether - which seems surreal this far into the internet revolution.