This week’s hearing by the grandly-named The House of Lords Science and Technology Committee, tasked to look at Internet security, opened another miniscule window into how UK banks are – or are not – dealing with online fraud and phishing.
The organisations giving evidence – Visa, the Financial Services Authority, and banking organisation APACS – don’t normally put their thoughts on public record at all so it was interesting to hear them defend the industry’s record in this area.
Were some banks more vulnerable to phishing attacks than others? What had the industry done to stop the phenomenon?, asked the Lords.
“We don’t have the authority to impose standards on our members. Each individual member will be aware of their level of fraud in relation to turnover….. Certain banks are attacked more in the UK than others. Fraudsters are very aware of the kind of banks that we bank with so they tend to attack the banks we use most often so it’s often the well known high street banks that come under attack,” said Sandra Quinn of APACS.
“Its not that banks are or are not secure as it’s not the banks that are being attacked it is their customers who are being attacked and the level of security they deploy is relatively equal. Trying to draw any judgement that this bank is stronger or weaker than another bank doesn’t help us describe why that bank is being attacked in the first place,” added her colleague and APACS security head Colin Whittaker.
Of course, one of the things the banking industry has not done is impose any basic security standards such as two-factor authentication, arguing that every bank should invest as it deems appropriate.
The problem with modus operandi is that even when banks refund the stolen funds to victims, this is not a victimless crime. The criminals are still winning, getting slowly richer, and diversifying into new areas of Internet crime. Paying customers back is not the point. The criminals have made their money, and the lack of security and success of their crime is only encouraging.
The whole submission can be seen on Parliament TV. We’ll wait to see what the Lords come up with. It will be ignored.