A half-million-pound bank robbery is quite a feat, even today. When the heist happens on home computers, as it did with customers of Swedish bank Nordea, it's time to fundamentally review the assumptions on which the banks build our safety.
Consumers must bear some responsibility, but IT security isn't something that can be devolved to Mrs Miggins. Anyone involved in online transactions — including retailers, financial corporates, developers and ISPs — must take on that part of the job they are best suited to do. Those with money, power and expertise win the lion's share of the problem, and will benefit most from a better system.
Yet banks say that the current level of consumer online fraud is acceptable, and that the cost of strengthening security would be more than the losses they currently suffer. Such cold calculations overlook not only the misery and inconvenience involved for their customers, but the chilling effect such experiences have on online commerce in general. Markets are built on confidence. Little is saved if that is lost.
The first and most important step is to take online security seriously. That means we must see the environment for what it is — a concentrated global attack by organised crime on the fundamentals of commerce — and react accordingly. Cross-industry international co-operation to set common cause and common goals is essential. There is no room for company politics or industry rivalry.
There are any number of possible approaches to improving online security: consumer education and services, multi-factor systems, even custom secure OS distributions running in virtual machines or from non-volatile storage. An industry that took these matters seriously would be pooling its resources to actively research these and other options, with the aim of improving security for all across the board.
This is not what we currently see. Consumers are stuck with an insecure operating system, anti-malware companies keener on snake-oil than safety, and a multiplicity of approaches from the banks and other organisations they need to trust. In a battle between organised crime and disorganised commerce, the bad guys will always win. We can't afford that, no matter how much money it saves.