NZ: Online banking and fraud
It’s a rare pleasure to publicly hear from Stu Woollett (head of e-business at Westpac). That makes his article “Internet banking less risky than driving a car” a blog-worthy event.
I’ve previously expressed admiration for Westpac’s approach to online banking. For example, they don’t use 2FA and yet are the only major bank that has a guarantee which “promises to reimburse customers for any losses they suffer through Internet banking fraud.” Contrast this with the approach of most other banks who still want to make customers liable even when things are really beyond their control.
So when Stu talks, I listen. And sure enough his article had a few nuggets:
- “As a bank we’re acknowledging that cyberspace can be an unsafe place, but the bank can’t lean on customers to make it safe.”
- “We don’t make it a condition that you have to shell out for the newest, fanciest firewall or anti-virus software. We’ve got all that covered, and more, which is why we’re confident about offering our online guarantee to our customers.”
- “Our January statistics show us that we had nearly four million total logins. We had only one customer affected by a fraudulent transaction and they were refunded under the terms of our guarantee. Some months it doesn’t cost us a thing, and we’d like every month to be a clean month.” [emphasis added]
Wow, 1 fraudulent transaction in 4 million. That’s a pretty incredible statistic and helps put all the media stories about the dangers of transacting online in perspective.
That’s not to say that there aren’t dangers in transacting online. What it does mean is that security in depth, including smart back-end systems, combined with a commitment to make it work for customers, provides the right economic setting for the service provider, not the customer, to take on and manage the risks.
I’m sure Bruce Schneier would approve.