Tell internet bankers where to go!
* Updated! *
In July, the NZ Bankers' Association's new Code of Banking Practice came into effect. To paraphrase their new internet banking rules, if you any lose money as a result of using internet banking, tough luck!
How about this from page 36;
"You have breached our terms and conditions by doing the following... you have used a computer or device that does not have appropriate protective software and operating system installed and up to date."
There are no clues about precisely what this software might be. Is Windows 2000 okay? Windows 98? Linux? Could they claim that XP's been made redundant since the advent of Vista?
"You have failed to take reasonable steps to ensure that the protective systems such as virus scanning, firewall, antispyware, operating system and anti-spam software on your computer are up to date."
Again, no clues. And notice that "such as". If you get ripped off and you have everything up-to-date except the very latest anti-virus download, they can weasel out of recompensing you.
And in case you're wondering how they'll know what you're using;
"We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your secure information in accordance with this Code. If you refuse our request for access then we may refuse your claim."
I don't use internet banking because I know how shitty most of their security systems are. One I looked at a few years ago only accepted six-character uppercase alphabetic passwords! No lowercase, numbers or symbols. It was a hacker's dream! Now, instead of beefing up their security to meet increasing threats, they've simply re-written their rules and passed the buck onto their users.
What a pack of bankers!
There's only one language these guys understand and that's business. If your bank doesn't have adequate internet banking safeguards, move to one that does.
Bruce Simpson on Aardvark has identified one crap bank; Westpac. So how do reader's rate the others? What security systems does your bank use? Drop me a comment and we'll start a list...
* Update 7 August 2007 *
Chris Keall covered the banks demanding a look inside you in a blog entry a little while back. That drew this delightful observation from reader Linsay;
What happens if I had used an internet cafe on the other side of the world... will they demand a look into that PC? Yes I know, I shouldn't use a PC I can't be sure is secure and yet the banks don't seem to mind:
Westpac: "From home, the office, or anywhere you have access to the Internet"
BNZ: "...using any Internet-enabled computer, anytime, anywhere in the world"
ASB: "...at a time and place that suits you. At home, at work, or anywhere in the world with access to the net via a computer"
'They' have my money, 'they' should have security to ensure 'they' don't loose it!
Nice one, Linsay! What do other readers reckon...?
PC World is New Zealand’s top selling computing and technology magazine.
Comments
PSIS is brilliant - they provide a small electronic device which displays a different 6-digit code every minute. No code = no login.
This device is also provided free of charge.
Posted by: Steve | August 13, 2007 12:36 PM
Linsay's observation just proves the fact that banks have no idea what each internal department of their operations are doing. The advertising dep't is saying "use our internet banking service anywhere anytime" and their security people saying the opposite.. Just the sort of confusion we've come to expect from large corporations..
Posted by: chris | August 9, 2007 8:46 AM
Wrong Rob, National Bank has two factor authentication, using SMS, its up to the user how they implement it though.
Posted by: Dave | August 8, 2007 10:59 AM
So ah, can anyone please suggest a bank that has good enough security measures?
Posted by: Tom G | August 7, 2007 2:57 PM
BNZ has a double level of security with their Entrust card. Each time I go into the site, enter my number and password, it tells me the number of my card (so that I can confirm that I am using the correct card), then it asks me to enter the symbol in each of three randomly specified addresses (out of 49) on the card. Only if they are all correct can I enter the site.
I wonder how the banks would respond to the challenge to check their own on line computers using ShieldsUp. Linux based systems are invisible to the outside if the test results are true.
Posted by: Jim Wilkinson | August 7, 2007 2:35 PM
BNZ has SMS and battleship style add-on to password, can be a slight overhead when making lots of payments, however happy to have it for safety
Posted by: MH | August 7, 2007 2:06 PM
ANZ never requires a password to be changed. I have used the same password since I joined in 2000.
Some people would say that is bad; however it does mean that people with poor memories are less likely to write their password down.
Posted by: Ross Nixon | August 7, 2007 12:08 PM
You could always use a live cd to access your internet banking. When the bank wants to examine your OS just take them the cd...
Posted by: chris | August 7, 2007 9:52 AM
TSB bank and the National Banks online banking security is just as bad. The browser will even remember the username and password. Rabobanks system is good and they give all users a small keypass token as part of the service.
TSB bank charges their customers if the want the added protection of this keypass token system, which I consider unacceptable. Therefore I fax TSB bank all my transfer requests, and this is free to do. This is very backward.
National bank doesn't provide any additional protection.
Posted by: Rob | August 6, 2007 10:24 PM