UK police chief: Banks shouldn’t compensate online “bad behaviour”

Consumers and businesses should not expect to be refunded by banks if they fail to protect themselves from cybercrime, the UK’s most senior police officer has suggested.

The Metropolitan police commissioner Sir Bernard Hogan-Howe told The Times newspaper that customers who had fallen foul of online fraudsters were being “rewarded for bad behaviour” instead of incentivised to update anti-virus software and improve passwords.

Asked how banks could make people more security-conscious, Hogan-Howe said: “That’s one thing to consider. If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour.

“The system is not incentivising you to protect yourself. If someone said to you: ‘If you’ve not updated your software I will give you half back,’ you would do it.”

The Met later issued a statement in which it said that the commissioner’s comments should not be interpreted as a proposal that fraud victims should be denied compensation.

The force said his remarks focused on consumers who did not take basic precautions, such as adequate password precaution and security measures, rather than a blanket proposal for all online fraud victims.

Software security group Kaspersky Lab said that the interview raised a much broader focus on where the responsibility lies to keep people protected online.

“In today’s digital age online fraud is a very real threat and the responsibility to protect against it should be shared between banks, government and consumers, said David Emm, principal security researcher at Kaspersky Lab.

“Currently, just under half (48%) of consumers believe that the burden of online financial security is shared between them and their bank. If banks were to insist that customers must be secure in order to be covered for financial loss, there is a question of how a standard would be set, what that standard should be, how banks would enforce it and whether the banks would commit to covering financial loss if the standard is met but fraud still takes place.

“Our research shows that 48% have fallen victim to online fraud or know someone that has (42%). Consumers must be vigilant and take responsibility themselves to do all they can to ensure they are as safe as possible online by applying security updates, using appropriate and up-to-date Internet security software protection and using a unique password for every online account.

“Financial transactions are just one area for people to protect themselves. With almost every area of our daily lives now supported or driven by our digital life, people are more vulnerable than ever to a host of sophisticated and varied cyber-threats.

“Central to this is having up-to-date and appropriate Internet security software on all connected devices, but it’s also about being aware of our digital footprint, installing security updates promptly, using strong and unique passwords, applying caution when using public wifi networks and not revealing too much information about ourselves online.”


Related reading