Commissioner Hogan-Howe of the Met said on Thursday that the banks should not refund fraud victims because it “rewards” them for being lax about internet security. This was too much to pass up, so I wrote a letter to the editor of the Times, which has just been published. As the Times is behind a paywall, here is the text.
Sir, Sir Bernard Hogan-Howe argues that banks should not refund online fraud victims as this would make people careless with their passwords and anti-virus software (p1, March 24, and letters Mar 25 & 26). This is called secondary victimisation. Thirty years ago, a chief constable might have said that rape victims had themselves to blame for wearing nice clothes; if he were to say that nowadays, he’d be sacked. Hogan-Howe’s view of bank fraud is just as uninformed, and just as offensive to victims.
About 5 percent of computers running Windows are infected with malware, and common bank fraud malware such as Zeus lets the fraudster redirect transactions. You think you’re paying £150 to your electricity bill, while the malware is actually sending £9000 to Russia. The average person is helpless against this; everything seems normal, and antivirus products usually only detect it afterwards.
Much of the blame lies with the banks, who let the users of potentially infected computers make large payments instantly, rather than after a day or two, as used to be the case. They take this risk because regulators let them dump much of the cost of the resulting fraud on customers.
The elephant in the room is that the Met has been claiming for years that property crime is falling, when in fact it’s just going online like everything else. We’re now starting to get better crime figures; it’s time we got better policing, and better bank regulation too.
Ross Anderson FRS FREng
Professor of Security Engineering
University of Cambridge
But should you be surprised? Sir Bernard is just reflecting the opinion of the British establishment and the current government. The country is governed by a party with deep personal connections to banking and the financial services industry. Many leading politicians have held senior positions in the industry or have close family connections to those who do. More than half of the party’s income comes from donations from the banking and financial services sector. So, of course, “regulators let them dump much of the cost of the resulting fraud on customers” and of course the MET and other defenders of the establishment rationalise this behaviour.
It’s been quite a long time since I’ve posted on here, and things have got better for me personally. Thanks again for your help and assistance. I have this link to a news story from round my way which may be of interest. Whoever came up with the idea of internet banking should be strung up.
https://uk.news.yahoo.com/public-warned-over-using-santander-atms-154007743.html
I’m curious what kind of computer security practices they have at the police station. I’d be surprised if it’s significantly better than the average household given that it’s a large, centrally administered system, which tends to be seriously outdated.
Let’s face it: computer security is not easy or cheap and trying to blame victims for not doing what even large corporations with many experts and lots of money to spend have trouble doing is probably neither fair, nor a good approach to problem solving.