As the fallout over SWIFT’s cyber breaches continues, the U.K. has put forth proposals that would require the customers of banks – not the banks themselves – to cover the cost of fraud.
Reports last week in the Financial Times said U.K. lenders and government officials are looking at rule changes that would mean online banking customers with insufficient online security could face getting removed from the banking system altogether should a security breach occur.
It’s a major turnaround from an industry that routinely covers the cost of fraud whether the customer or the bank is at fault.
Reports said consumer advocacy groups have decried the proposed rule changes, arguing they would unfairly target, in the words of Money Fight Club co-founder Lindsay Cook, “the less sophisticated, the old and the frail.”
But reports also said that the rules would similarly impact businesses hit by cyber breaches. According to the publication, the cost of fraud in the online banking space jumped by 64 percent last year, hitting both consumers and businesses.
News of the proposal comes just months after the U.K. Metropolitan Police Commissioner Sir Bernard Hogan-Howe argued that banks should no longer be required to compensate fraud victims as it “rewards” public banking customers for being lenient with cybersecurity.
GCHQ, the U.K.’s government cybersecurity agency, which is discussing the new proposals along with the Bank of England, said the concept is an effort to get banks and the private sector to become more proactive in their digital security.
The agency’s move aims to inspire proactive action, such as pushing banking customers to update their software.
In separate reports in InfoSecurity Magazine, security advocate at AlienVault Javvad Malik said this was a “bad idea.”
“It will be difficult, if not impossible, to agree what an acceptable baseline of security is,” he told the publication. “Will banks mandate which operating systems and browser versions are relevant? For example, will they block any visitors running Windows XP?”
GCHQ did not comment on the matter to the Financial Times, reports said.
Reports added that the rule changes would not remove the responsibility of regulatory compliance from banks and other financial services firms, however, and that it would take several years for any approved changes to take place.