Presentations at the FDIC conference on ‘combating commercial payments fraud’ earlier this week placed tremendous emphasis on customer education as a partial solution to payments fraud. Of course, no one can argue against customer education and, in fact, it is effective – but only up to a point. We all know by now that customer desktop and AV protection software has failed to detect the most insidious malware and Zeus variants. So how are end-users going to protect their PCs if even the best security software vendors can’t?
Now the ‘tip-of-the-day’ being offered to bank customers is to have them use ‘dedicated PCs’ for online banking. But even dedicated PCs can become infected. Not all malware is delivered via email; some can be dropped by honest and legitimate web sites that have been infiltrated. Of course, a dedicated PC will limit a user’s exposure to malware, but it too is by no means foolproof. (I would more likely recommend inserting an Ubuntu CD into the CD drive and booting off of a read-only OS and browser.)
The type of customer education that is really needed is informing business customers that online banking can be dangerous and that they can lose all the money in their accounts and not get it back from their bank, under current law. There is an implicit assumption out there among Americans that our money is protected by U.S. banks, whether it’s in a consumer or business account. Those of us who follow this industry now know that this is a false assumption for U.S. business accounts.
Next time a business logs on to its bank’s website, it should clearly see this message, right on the home page: “Bank at your risk.” Or, if banks don’t want to be that clear and would rather be more ‘bank-like’, they can always say: “Please be aware that unauthorized withdrawals from your account may not be refunded, subject to the terms and conditions of your agreement.”
If you ask me, that’s the kind of education U.S. businesses need.