01:25 PM
Bank of Ireland Phishing Refunds: How Can Banks Reduce User-Controlled Risk?
By Greg MacSweeney, Wall Street & Technology
Despite the generally accepted belief that the user is solely responsible for his or her user name and password, at least one bank -- and probably many more -- has quietly refunded customers who were defrauded by phishing attacks.The Bank of Ireland is the latest bank to refund customers who became victims to phishing attacks. While the total amount of the refund was estimated to be relatively modest, totaling 160,000 euros, according to finextra.com, it is worth noting that some banks will cover fraud and phishing financial losses if the perceived benefit (improved customer service and reassuring clients that it is safe to transact online) is substantial enough. It's also important to note that it has been reported that a few of Bank of Ireland's customers threatened litigation if the Bank of Ireland did not reimburse their accounts.
Still, once banks grant access to customers and set up the proper passwords, user IDs and, perhaps, multifactor authentication (all good and proven risk-mitigation techniques), the banks have little control over how their customers manage their passwords -- such as placing their password on a sticky note or sharing it with a family member -- or if customers unwittingly divulge their information to a phisher.
Nonetheless, it seems that banks are willing to take on this risk -- to a point -- in order to maintain customer loyalty and to bolster their belief in the safety of online financial transactions, a belief that has taken a hit over the past few years as phishing, keylogging and other cybercrime has become more intricate and harder to detect for the consumer. There will be a point when banks say enough is enough: "We have provided the safeguards, the education and the fraud detection technology to the customer, and we can't control all of their habits." At that point, at least part of the burden will be placed on the customer. But in the current environment, this risk is still covered by the banks. Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio