The biggest problem is with phishing, whereby a scammer sends an
email which pretends to be from the bank in order to con a user
into handing over their internet banking username and password.
The FSA and the UK payments association Apacs were giving
evidence to the House of Lords science and technology committee.
They said that the problem was growing, but from a small base, and
was still small in real terms. They said that the amount stolen was
set to rise by another 90% next year.
Around £45 million was stolen this year through phishing, and
the committee was told that one bank suffered many more breaches
than another. Apacs said that it would not reveal which bank that
was, since it represented banks and not consumers.
Both the FSA and Apacs rejected calls for consumers to be
notified each time a bank suffered a security breach, such as the
loss or theft of a laptop containing customer details. Many US
states enforce such a rule and Apacs said that that activity caused
'undue alarm' there.
The bodies' evidence said that phishing scams were becoming
increasingly more sophisticated, but that they believed that
internet banking was essentially safe.
The committee was told that the number of reported phishing
incidents in the first six months of 2005 was 312, but that in the
first six months of 2006 5,059 incidents were reported. Apacs head
of security Philip Whitaker said that the jump was due to better
detection of the incidents.
It also emerged in the hearings that the FSA will open
discussions next week with the Information Commissioner on whether
or not internet banking is open and transparent enough in its
handling of information.
Philip Robinson, the head of financial crime at the FSA, told
the committee that he would meet the commissioner to discuss ways
of increasing transparency.
