Banking industry lashes out at privacy legislation

Banking industry lashes out at privacy legislation

Summary: Laws restricting the sharing of information between financial organisations are hindering the fight against cybercrime, according to Apacs

TOPICS: Security

Banks and retailers need to be able to share more information so they can fight back against Internet fraudsters.

UK payments industry body Apacs has warned that data protection laws are hindering data sharing which could alert banks and retailers to fraud attempts.

Riten Gohil of the fraud control division at Apacs told ZDNet UK sister site "The difficulties are that there are lots of antiquated data protection laws that make domestic data sharing hard and beyond [national] boundaries it's even harder."

He added: "It's a real barrier. It's one of our big challenges — the criminals don't have human rights laws and don't have the same restrictions that we do."

The successful implementation of chip and PIN has left fraudsters looking for easier targets — such as card-not-present fraud — using stolen cards online or over the phone. As a result Apacs is looking to build awareness of anti-fraud initiatives such as verified by Visa but is also looking at the rollout of two-factor authentication technologies across the industry — but these aren't likely to be widely available until 2007.

Gohil said fraudsters are learning new types of fraud as the banks tighten their defences: "[Criminals'] education is improving as much as anyone else's. We are talking about a global phenomena here — information is a hot commodity for the criminal these days."

Katherine Hutchison, director of retail products and strategy at payments company eFunds warned: "Ecommerce is the weakest link because you can try [frauds] over and over again and you probably won't get caught or even detected."

She said a fraud industry has developed where specialists trade skills and information to attack weaker targets.

Hutchison added: "It's become this cottage industry where they sell each other their goods and services. You used to have to be able to do it all. In the last year they've broken out of that model and they are starting up an underground industry and selling services to each other."

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The situation requires a reconciliation of privacy rights on one hand and securing sound law enforcement on the other. The privacy rights must neither be taken too lightly as to cost the valuable data and nor they should operate as a veil for hiding the criminals. Once it was quoted that
  • Overstating

    I don't go along with the article. I'm afraid its all too easy to blame the privacy laws. They do not have effect to protect the criminal. But they do protect the rights of the innocent against loose procedures. In any event this issue diverts the focus of attention away from the Banks' primary duty in relation to its own security. No amount of privacy laws will make the task any harder than it already is.

    Graham Ross
    Online Dispute Resolution