Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

01:25 PM
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Bank of Ireland Phishing Refunds: How Can Banks Reduce User-Controlled Risk?

By Greg MacSweeney, Wall Street & Technology Despite the generally accepted belief that the user is solely responsible for his or her user name and password, at least one bank -- and probably many more -- has quietly refunded customers who were defrauded by phishing attacks.

By Greg MacSweeney, Wall Street & Technology

Despite the generally accepted belief that the user is solely responsible for his or her user name and password, at least one bank -- and probably many more -- has quietly refunded customers who were defrauded by phishing attacks.The Bank of Ireland is the latest bank to refund customers who became victims to phishing attacks. While the total amount of the refund was estimated to be relatively modest, totaling 160,000 euros, according to finextra.com, it is worth noting that some banks will cover fraud and phishing financial losses if the perceived benefit (improved customer service and reassuring clients that it is safe to transact online) is substantial enough. It's also important to note that it has been reported that a few of Bank of Ireland's customers threatened litigation if the Bank of Ireland did not reimburse their accounts.

Still, once banks grant access to customers and set up the proper passwords, user IDs and, perhaps, multifactor authentication (all good and proven risk-mitigation techniques), the banks have little control over how their customers manage their passwords -- such as placing their password on a sticky note or sharing it with a family member -- or if customers unwittingly divulge their information to a phisher.

Nonetheless, it seems that banks are willing to take on this risk -- to a point -- in order to maintain customer loyalty and to bolster their belief in the safety of online financial transactions, a belief that has taken a hit over the past few years as phishing, keylogging and other cybercrime has become more intricate and harder to detect for the consumer. There will be a point when banks say enough is enough: "We have provided the safeguards, the education and the fraud detection technology to the customer, and we can't control all of their habits." At that point, at least part of the burden will be placed on the customer. But in the current environment, this risk is still covered by the banks. Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio

Register for Wall Street & Technology Newsletters
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.