today is reporting that all the big banks – except HSBC, which also controls
First Direct – are to demand that online customers use “chip and pin at
home” devices to identify themselves before moving money out of their
accounts, in the biggest change to personal banking since chip and pin replaced
signatures at the checkout.
Millions of hand-held card reading devices will be sent, free of charge, to
bank customers over the next six months in the latest attempt to fight online
fraud. Regular internet users will be the first to receive the devices, in
which they will have to place their debit card before making any online banking
transactions. Only balance inquiries, and payments to “known and
trusted” big firms such as telephone and power companies will be possible
without using the devices.
Again we see the banks coming up with a solution that
effectively ‘blames’ the end user for the fraud, and places the burden of
responsibility on the account holder, whereas the real reason that the levels
of fraud are at their peak are that Banks and other institutions are not
protecting the data that they hold on us in the first place.
It doesn’t matter how many front end systems that the banks
put in place, they will never be secure if the back end systems are still open
to hackers and thieves.
The real effort needs to be by the banks in protecting their
systems, protecting their authorisation systems and not allowing account
holders details to enter the public domain.
And NO, the NIR and ID Card is not the answer either, as this is where this costly string of front end systems and proof of identity is going to eventually end up.
Banks, businesses and government must stop being the
enablers of fraud by allowing our details to be stolen.