By John Leyden for The Register. This story has
been reproduced with permission.
A follow-up report on personal internet security by the
committee of peers also calls for legislation to ensure that banks
are held responsible for losses caused as a result of electronic
fraud. The three recommendations are the main findings from a
second round of hearings on the issue of internet security carried
out by the peers.
The government failed to take on board the recommendations that
came out of the peers' first set of hearings last year, but the
fallout from the HMRC data loss debacle has brought the importance
of internet security into focus for government ministers, two of
whom appeared before the committee during its second round of
hearings.
Round two
Security experts criticised government officials for ignoring
recommendations in the initial report, published last August. Since
then, and after the November data loss by the HMRC, ministers took
on board some of the proposals, including moving towards a code of
conduct for ISPs and kite-marking websites.
These were some of the minor points in the initial report.
Disagreements remain on cybercrime reporting and the liability of
banks for online fraud.
Their Lordships' second report renews a call for the government
to do more to protect the public from cybercrimes such as identity theft
scams and auction fraud.
The government maintains that the Banking Code offers enough
protection for customers. The latest House of Lords report argues
that banks often refuse to refund customers in cases where a PIN or
password is used in an online fraud.
The committee heard evidence that the Financial Services
Ombudsman and the courts are unable to offer redress to customers
in these circumstances, prompting the Lords to argue that laws need
to be enacted that push the balance back in favour of the consumer.
Holding banks statutorily responsible for phishing and skimming
fraud would encourage them to improve e-commerce security, peers
argue.
Richard Clayton, a computer security researcher at the
University of Cambridge and expert advisor to the committee,
backed this recommendation: "Banks choose the security
mechanisms and how much effort they put into detecting patterns of
fraud, so they should stand the losses if these systems fail.
Holding individuals liable for succumbing to ever more
sophisticated attacks is neither fair, nor economically
efficient."
The Committee's second report, published on Tuesday, also
repeated its call for an overhaul in e-commerce reporting
procedures. It stated that requiring victims of fraud to report it
to their banks rather than to the police is leading to
under-reporting of e-crime.
"It is also vital that the victims of e-crime can report crime
directly to the police. If you were robbed in the street you would
expect the police to recognise it as a crime and try to catch the
person responsible. If you are a victim of online fraud, you should
be entitled to the same protection," said Lord Sutherland of
Houndwood, chairman of the Lords Science and Technology
Committee.
© The Register
2008