recent news in the UK that there is a growing push to create a liability shift around fraud losses that could potentially make bank customers responsible for the cost of online and digital fraud in their own accounts merits close attention. According to
The Financial Times, Britain’s lenders in conjunction with the UK government, the Bank of England, and even the UK security and intelligence agency, the GCHQ, are trying to push this liability shift in light of what they define as “lax” security. This is an extremely noteworthy turn of events for a variety of reasons.
The Speed of Technological Change: First of all, the pace of change in all areas of technology poses challenges to many consumers. New devices, new ways of conducting online banking, and new services all require consumers to “keep up.” Think about it this way: if you’re reading this, then you probably have deep familiarity with technology and/or financial services, yet do you even know all the things you can potentially do with your device from a banking perspective? Think about how much more challenging these changes might be to someone who doesn’t have the background you might have. Most of us struggle to keep up with “the latest and greatest” in a timely manner.
Challenges of New Services: Consumers can now do things with their retail banking and credit/debit card accounts that they couldn’t have dreamed of 5-10 years ago. Two of the most obvious examples are remote deposit capture in which a check is deposited with the mere snap of a smartphone camera, person-to-person payments (think Venmo or any other similar 3rd-party app or internal functionality), and advanced travel notification whereby consumers inform their financial institution or card issuer that they will soon be travelling abroad and therefore conducting atypical transactions. The shifts in liability around each of those services are probably unknown to most retail users unless they elect to read the small type or “terms & conditions,” which we know that very few people do.
Regulators’ Role: Regulators can and should play an important role in this discussion since they are at the center of the technology-user-banker-fraud circle of issues. While some of them are in fact those behind this liability shift, they must balance this with a focus on consumer protections as fraud becomes more difficult in light of the heightened risk presented by cyber criminals. Is it really correct to shift the liability to consumers when banks are having a difficult time with security in their own fraud management plans?
Emerging Forms of Authentication: New devices bring new challenges to financial technologists, but also new opportunities. Banks and card issuers can now authenticate their consumers with facial and voice recognition, location frequency, Wi-Fi signal, device identification, and more. Few of these options existed in the past and these new opportunities for simpler and faster authentication require users to adjust and understand, something which is not to be taken for granted. Financial institutions will not only need to adopt new forms of authentication, but to educate their customers on how to use them to be more secure in their online banking transactions.
As cyber evangelist
Jonathan Sander of Lieberman Software
writes, “Banks [are] between a security rock and a competitive hard place.” So the bottom line here is that this potential rule change should not come as a surprise to anyone who has spoken to banks or card issuers about their fraud losses, consumer security goof-ups, and the like.
Yet despite these legitimate reasons, it makes sense for one to consider them in the broader context of the issues mentioned above. Users, technologies, devices, and retail banking services all are constantly in flux; comprehending these and keeping updated on them is something few do on a regular basis. Shifts in liability around them should, therefore, be closely considered before being widely adopted.