InternetNZ releases suggested amendments to Code of Banking Practice
Media Release - August 2, 2007 - InternetNZ (Internet Society of New Zealand Inc) Deputy Executive Director Jordan Carter today released the Society’s suggested amendments to the Code of Banking Practice.
“Our
proposed amendments focus on four areas. These deal with our major concerns,
which are shared by many other consumer advocacy groups,” says Carter.
The Code,
prepared by the New Zealand Bankers Association, came into force at the start
of July, and treats users of Internet Banking in an unfair way compared with
its treatment of other methods of banking. It also contained unclear requirements
for software updating, and purported to allow banks the right to examine their
customers’ computers.
“Two
amendments would remove the proposed rule against the use of secure password
facilities. People should be allowed to use such systems if they are encrypted,
as they allow people to store long and complex passwords in a safe manner. If
the banks do not allow people to use such facilities, then their customers will
use shorter passwords, leading to a less secure online banking environment.
“Second, an
amendment would improve the conditions of liability for unauthorised
transactions using Internet banking. As worded today, the Code leaves customers
liable for any losses. InternetNZ believes that a situation more akin to that
applying to card-based transactions should apply: where unauthorised use is
occurring, bank customers should not be liable at all, or if they are then the
same limit as applies to cards ($50 prior to notifying banks) should apply.
“A third
proposed amendment deals with the uncertainty created by the way the Code
requires home computer users to keep their systems up to date to be protected
from liability for unauthorised transactions. The Code should clearly state the
specific obligations that customers have to stay abreast of major security
updates or releases. It cannot continue to make general and unspecific
statements about a range of software types, as it does currently,” says Carter.
InternetNZ
has also suggested that the banks could take further steps to give advice to
their customers – through their websites and through other media – about how to
keep their computer systems secure.
A final
proposed amendment reflects the widespread concerns about privacy caused by the
banks seeking the right to request access to people’s computers in the event of
a suspected fraud.
“People
keep all sorts of material on their computers. This may be legally privileged
material, or even simply confidential or commercially sensitive business
information. As such, the proposition in the relevant clause of the Code should
be reversed: liability should only fall on customers if they unreasonably
refuse a bank’s request for access, and customers should have the option to
have a qualified third party certify their system’s security. If banks are granted
access, they should undertake to use proper forensic and evidential procedures
to ensure the privacy of people’s digital information.
“I would
like to thank Alan Yates at the Bankers Association, for meeting with us to
discuss our concerns, and for offering to forward any changes we suggested to
the banks for them to consider,” says Carter.
“The
proposed amendments (detailed in the attached PDF document) are sensible,
reasonable changes that will address the major concerns the public have raised
in response to this Code’s content. I hope that the banks will consider them
seriously and implement them as soon as they can.
InternetNZ
understands the banks’ desire to help their customers improve their home
security. Everyone should take reasonable steps to make sure their computer is
secure and safe for use if they choose to connect to the Internet. The Code of
Banking Practice is positive in that it promotes good computer security
practice, but it is not the only, or the best, way to educate the public about
computer security.
“In the
end, the fundamental principle of current banking practice – that customers are
not held liable for fraudulent theft of their money – should apply in the
Internet world. Our amendments would help make sure it does,” concluded Jordan
Carter.For further
comment: Jordan
CarterDeputy Executive Director04 495
2118021 442 649jordan@internetnz.net.nz
