Is my bank the biggest scammer out there?

Is my bank the biggest scammer out there?

Summary: Does the improved credit card security offered by chip and PIN-embedded credit cards mean a future of greater personal liability?

TOPICS: Banking

Does the improved credit card security offered by chip and PIN-embedded credit cards mean a future of greater personal liability?

For the first time in a very long while I was pleased to receive a letter from my bank. It wasn't asking for payments or hiking up their fees -- it wanted to provide me with greater security by issuing me a new chip and PIN credit card.

I have been the target of credit card fraud twice in my life, but both were while using the conventional magnetic strip card. The first time was on a sweltering hot train in Madrid when a short, fat but otherwise unassuming 40-year-old woman pickpocketed me. I contacted my bank immediately and I ended up not being penalised for the theft.

The second time was during a brief jaunt to Tony Soprano's home state, New Jersey, when I used my credit card to buy a camera. During the purchase, I was assisted by a pimply, teenage Eminem look-alike.

Everything appeared to be fine until weeks later, when I received a call from my bank's fraud investigators who told me my card had been compromised.

I couldn't be sure, but my first guess was that I'd been given the raw prawn by Eminem's doppelganger. I told them I hadn't authorised the transactions and the bank didn't hold me responsible for the losses. It wasn't comforting to know my card was skimmed by Eminem, but I at least felt protected.

The bank didn't accuse me of anything and didn't hold me liable for the losses but that could change if Australian banking customers find themselves following their UK counterparts, who introduced chip and PIN in 2006.

Under the British Bankers' Association code -- a voluntary code of practice similar to Australia and New Zealand's banking association structure -- the onus is on the bank to prove users have acted fraudulently or without reasonable care before they become liable for the misuse of the card. If it can't, the user isn't liable.

But since the introduction of chip and PIN cards, consumers are increasingly being turned away by banks when making a compensation claim.

That's because chip and PIN technology prevents cards from being cloned through card skimming scams. But so sure are the banks of this bulletproof technology that some are assuming that if a fraudulent transaction occurs where a PIN has been used, it must have been the cardholder's fault.

Bulletproof it's not though. Researchers at Cambridge University recently showed that you don't need to clone a card to compromise it. recently reported a case where a keylogger had been used to steal a person's Internet banking passwords, which led to the criminals spring cleaning the victim's account. When the victim told the bank about the problem, its initial response was that he must have given out his password. He denied the claim and only after the Australian Federal Police investigated the incident did the bank decide to chargeback the stolen amount.

Of course, banks shouldn't make it too easy to claim compensation, otherwise criminals would exploit that. On the other hand, it is a little scary when a bank's faith in its security technology is so great that it assumes exposure of security information means carelessness -- and therefore some liability for the fraud -- or indeed actual involvement in the crime.

What's even more scary as the holder of one of these new cards is that I could be being set up by my bank for a future of increased liability, all under the guise of increased protection. I now feel a bit dirty for being so gleeful at the arrival of chip and PIN.

And before you think this is just the ranting of a paranoid journalist, think back to the angry reaction the Australian Bankers Association gave to rumours that it would amend its Electronic Funds Transfer Code of Practice to place some liability for theft and fraud on the customer if their PC was not adequately protected with up-to-date security software.

While it vehemently denied such intentions, just months later the New Zealand Bankers Association, whose largest members are also part of the Australian Bankers Association, amended its EFT Code of Practice, to do exactly what the Australian organisation had denied.

There is however a silver lining to this cloud of uncertainty hanging over online consumers, although to see it requires a small shift in perspective. One of the UK's big four banks, LloydsTSB, has spotted an opportunity amidst the kerfuffle over identity theft and fraud in banking 2.0 -- insurance 2.0.

Now I know that banks are under pressure to please their shareholders, but this new product really is a bottom-feeding mullet you really don't want to swallow: for just £6.99 per month you can "safeguard your identity" and pay for services that UK banks are legally obliged to provide. Then again, maybe this product does have a target market: if you're stupid enough to pay a few thousand dollars to a Nigerian prince after receiving an anonymous e-mail, you're stupid enough to buy this insurance.

Topic: Banking

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Scamming bankers

    We have the same ridiculous ads selling "fraud protection insurance" here in the states. I always laugh when they come on, and point out to anyone present that this is a brainless scam, since the banks here in the US are also obligated to provide protection, at no charge. However, it does make it easy to know which banks to avoid at all costs.
  • ANZ withholding monies from my account

    Well how about this,my ANZ bank froze my savings account because I'm overdue with ANZ visa card monthly payment,even though I didn't O.K it.Two different accounts,can they do this?I have two young children to feed
  • ANZ

    I logged in to my account today... ANZ helped themselves to all the money (for groceries and back to school things... and left me without any money at 7pm on a friday night and no-one to call about it...and another week until i get paid)
    Funnily enough they took the money and put it onto my cancelled mastercard debt. They called me a few months ago... I paid them 400 dollars (of a 2000 dollar debt) and they were going to send me a statement with the new amount owing... 6 months later - no statements or phonecalls.... just went to use my savings card and a couple of hundred dollars missing.... Kids had bread and jam for dinner and the bloke I spoke said " I don't care about you're circumstances" we got robbed last week - they took the kids xmas presents/mobile phones/cash etc etc... and now this.
  • Westpac guilty too

    I live in WA, seems someone in Sydney used my "chip" card in Sydney to pay a $20K bill at a panel beater. Bank claims a chip card and a pin was used so must have been me. The card or the pin were never out of my possession. The bank is basicly calling me a lier and say I am liable. The real crooks have had over 3 months to get away.
    Like "ANZ withholding monies" Westpac say they will place me on the credit blacklist and extract the money from another account. If these cards can't be defrauded it may be an "inside job" at the bank's card services?