funsec mailing list archives

Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


From: "Dennis Henderson" <hendomatic () gmail com>
Date: Wed, 27 Jun 2007 19:03:10 -0500

When will the customer have to have at least some responsibility for
their actions/inactions?

I guess the person who invents the perfectly secure internet
transaction will be the richest person on the planet. Imagine being
able to conduct a secure pc based internet transaction with every kind
of trojan and keylogger installed....



On 6/27/07, B.K. DeLong <bkdelong () pobox com> wrote:
Interesting - I wonder how long before online merchants subject to the
PCI DSS will transfer liability to users. From the PCI to the
Processors to the Auditors to the Merchants to the Consumers - what
happened to "the customer is always right" ?

On 6/27/07, Fergie <fergdawg () netzero net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dave Jevans: Where ever you are, you owe me a beer. I told you that
> the liability issues would start to shift more towards the consumer
> to prove they are not at fault.
>
> And it _will_ get worse. Bet on it.
>
> Via Computerworld.co.nz.
>
> [snip]
>
> Banks are seeking access to customer PCs used for online banking
> transactions to verify whether they have enough security protection.
>
> Under the terms of a new banking Code of Practice, banks may request access
> in the event of a disputed transaction to see if security protection is in
> place and up to date.
>
> The code, issued by the Bankers' Association last week after lengthy
> drafting and consultation, now has a new section dealing with internet
> banking.
>
> Liability for any loss resulting from unauthorised internet banking
> transactions rests with the customer if they have "used a computer or
> device that does not have appropriate protective software and operating
> system installed and up-to-date, [or] failed to take reasonable steps to
> ensure that the protective systems, such as virus scanning, firewall,
> antispyware, operating system and anti-spam software on [the] computer, are
> up-to-date."
>
> The code also adds: "We reserve the right to request access to your
> computer or device in order to verify that you have taken all reasonable
> steps to protect your computer or device and safeguard your secure
> information in accordance with this code.
>
> "If you refuse our request for access then we may refuse your claim."
>
> [snip]
>
> More here:
> http://computerworld.co.nz/news.nsf/news/FDA3CE33D73B5B82CC257302000B0EE8
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
>
> wj8DBQFGgpg9q1pz9mNUZTMRApWTAJ9pjNomy2oQjbldjFGEHg2gH0g18wCg4cb9
> 1pHQpoXboGgztQoo566EC2A=
> =MFlr
> -----END PGP SIGNATURE-----
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>


--
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org

