Suggested amendments to Code of Banking Practice

Suggested amendments to Code of Banking Practice released - InternetNZ
Media release - 2 August 2007

InternetNZ (Internet Society of New Zealand Inc) Deputy Executive Director Jordan Carter today released the Society’s suggested amendments to the Code of Banking Practice.

"Our proposed amendments focus on four areas. These deal with our major concerns, which are shared by many other consumer advocacy groups," says Carter.

The Code, prepared by the New Zealand Bankers Association, came into force at the start of July, and treats users of Internet Banking in an unfair way compared with its treatment of other methods of banking. It also contained unclear requirements for software updating, and purported to allow banks the right to examine their customers’ computers.

"Two amendments would remove the proposed rule against the use of secure password facilities. People should be allowed to use such systems if they are encrypted, as they allow people to store long and complex passwords in a safe manner. If the banks do not allow people to use such facilities, then their customers will use shorter passwords, leading to a less secure online banking environment.

"Second, an amendment would improve the conditions of liability for unauthorised transactions using Internet banking. As worded today, the Code leaves customers liable for any losses. InternetNZ believes that a situation more akin to that applying to card-based transactions should apply: where unauthorised use is occurring, bank customers should not be liable at all, or if they are then the same limit as applies to cards ($50 prior to notifying banks) should apply.

"A third proposed amendment deals with the uncertainty created by the way the Code requires home computer users to keep their systems up to date to be protected from liability for unauthorised transactions. The Code should clearly state the specific obligations that customers have to stay abreast of major security updates or releases. It cannot continue to make general and unspecific statements about a range of software types, as it does currently," says Carter.

InternetNZ has also suggested that the banks could take further steps to give advice to their customers – through their websites and through other media – about how to keep their computer systems secure.

A final proposed amendment reflects the widespread concerns about privacy caused by the banks seeking the right to request access to people's computers in the event of a suspected fraud.

"People keep all sorts of material on their computers. This may be legally privileged material, or even simply confidential or commercially sensitive business information. As such, the proposition in the relevant clause of the Code should be reversed: liability should only fall on customers if they unreasonably refuse a bank's request for access, and customers should have the option to have a qualified third party certify their system's security. If banks are granted access, they should undertake to use proper forensic and evidential procedures to ensure the privacy of people's digital information.

"I would like to thank Alan Yates at the Bankers Association, for meeting with us to discuss our concerns, and for offering to forward any changes we suggested to the banks for them to consider," says Carter.

"The proposed amendments (detailed in the attached PDF document) are sensible, reasonable changes that will address the major concerns the public have raised in response to this Code's content. I hope that the banks will consider them seriously and implement them as soon as they can.

InternetNZ understands the banks' desire to help their customers improve their home security. Everyone should take reasonable steps to make sure their computer is secure and safe for use if they choose to connect to the Internet. The Code of Banking Practice is positive in that it promotes good computer security practice, but it is not the only, or the best, way to educate the public about computer security.

"In the end, the fundamental principle of current banking practice – that customers are not held liable for fraudulent theft of their money – should apply in the Internet world. Our amendments would help make sure it does," concluded Jordan Carter.

ENDS

See... Proposed Amendments: Code of Banking Practice (PDF)

© Scoop Media