Lords probes online security risks

UK banks are making an effort to combat data theft but find their hands tied by what customers do, the House of Lords has been told
Written by Tom Espiner, Contributor on

A House of Lords committee investigating internet security has heard evidence from leading financial services organisations.

On Wednesday, witnesses from the UK payments association (APACS), the Financial Services Authority (FSA) and Visa gave evidence about the level of online threat to consumers, the types of fraud being perpetrated, and how financial services organisations are working with international law-enforcement groups.

UK banks make every effort to combat data theft, but to a certain extent their hands are tied as it is the customer who is often targeted in data-theft attacks, APACS' spokeswoman Sandra Quinn, who also gave evidence at the investigation, told ZDNet UK.

"People accept a level of risk just by shopping online — but just because they're worried about [online banking fraud] doesn't mean they are doing anything about it," said Quinn. "The banking industry is very reliant on how customers behave, and it is customers who are giving away their details to the fraudsters. We try to help prevent that."

The House of Lords launched its enquiry in July. The investigation is headed by the committee chairman, Lord Broers, and claims to be the first in-depth parliamentary study of the issue.

"Technology is changing so fast that no-one seems to have had time to step back and look in the round at the emerging threats to personal security, and the ways society might counter them," said Lord Broers at the time. "This inquiry gives Parliament a chance to do just that."

Financial services organisations are keen to claim that the level of actual threat to online banking is far less than the perceived threat."It's always important to put this in context. Sixteen-million people bank online, but only a tiny number are victims of online banking fraud," said APACS' Quinn.

"It seems people are falling victim to phishing attacks less often, which is one of the reasons there has been an increase in the volume of phishing emails," said Colin Whittaker, head of security for APACS.

APACS claims to have effective mechanisms to share information internationally around issues such as phishing. Hackers have often used compromised or proxy servers in countries such as China to launch phishing attacks.

"We do a lot of work with law enforcement. Lots of banks have global networks, which is useful for establishing links with law-enforcement authorities we may not necessarily be able to reach. For example, both RBS and HSBC have links with China, and historically phishing comes from that direction," said Quinn.

The House of Lord's investigation will run until the late spring or summer of 2007, when a report of the committee's findings will be issued.

Phishing was one issue being investigated by the Lords committee. Although there has been a 1,500 percent increase in the number of phishing attacks year-on-year since 2005, financial organisations claim that consumers are getting wise to the scams and fewer attacks are now successful.

Editorial standards