Time and time again the issue of identity fraud makes it into the media (see recent article from Stuff.co.nz which talks of identity fraud costing about Australian's a conservative $1.35bn NZD), yet I still don't think people really grasp what it means, particularly in the world of online banking.
The first thing that comes to mind when people think about online banking and online fraud is someone stealing their money – using fraudulent means to gain access to their online bank account and simply stealing their money. I can't question this top-of-mind response, however what I do struggle with is that people don't think further on this subject, and in particular in the context of identity fraud.
There are a number of banks which guarantee to refund your monies, if they are stolen through fraudulent means, on the condition that you as the operator/owner of the bank account are not negligent ... so long as you don't share your password/PIN details; maintain up-to-date security software; have a "complex" password which you regularly change etc. On the surface this looks great ... if I uphold my side of the bargain the bank will give me my cash back.
However I believe the reason some banks take this approach is because it's simply easier and cheaper for them – they can write out a few cheques each year at a cost which is significantly lesser in value to them than the costs associated with implementing credible online security measures.
They may even say that customers find additional security measures, like our Digipass and other tokens, to be a "hassle" and a barrier to that customer wanting to bank with them online. My counter to this is that those persons who truly understand the risks and importance of being fully protected, see the additional security measures offering benefits that far outweigh any perceived "hassle" and that these tokens are the bare-minimum that should be being offered by banks.
And, this approach by some banks of reimbursing you for stolen cash only goes so far and doesn't address the issue of identity fraud.
What if that criminal gains access to your account but doesn't steal your money and simply steals all the information they can about you, to use that information to fraudulently represent you for some other means or transaction e.g. applying for credit. In the "real" non-online world it's a bit like someone breaking into your house, not stealing anything material/tangible but going through all your possessions and personal documents to gain as much information about you. How would it feel if you knew some stranger had been through your house having invaded your personal space?
It's the same in online banking.
Some banks have gone someway to protect you a little more than others, but still not far enough. For example you use your customer number/username and password to logon and can then elect to use additional security e.g. one-time codes sent by text message, to validate transactions. But that's just the same as someone gaining entry into your house but not stealing anything tangible – the criminal logs in but doesn't take any money ... they just have a good look around. If security measures are adopted by your bank they should also protect you against a criminal gaining entry to your account and not just once a criminal is inside your account.
For us security is paramount – security of your money and your identity.
We provide the best possible security available, in the form of our Digipass, and the requirement to validate everything you do when logged on, including the act of logging on initially. Our view is that we have an obligation to do all we possible can to protect our customers – their monies and their identity, and that compromising either of these is not acceptable.
I do hope people grasp that a cheque from your bank can do nothing more than give you your money back. It can't give you your identity back after it's fallen into criminal hands.