«

»

From now on it’s YOUR fault if your bank account is defrauded

By Simon Davies

(Santander’s response is set out at the end of this post)

The UK banks are at it again. After decades scheming to dump liability for fraudulent card activity onto anyone in sight they’ve now imposed new conditions that will expose customers to substantial personal loss.

After decades scheming to dump liability for fraudulent card activity they’ve now imposed new conditions that will expose customers to substantial personal loss.

The changes are being pioneered by Santander – that beloved bastion of consumer rights – and are likely to be adopted across the industry. They will give banks greater freedom on a whim to refuse a refund of losses from criminal fraud by claiming that customers have been negligent.

Santander’s changes to its terms and conditions mean customers must have a unique four-digit PIN that is used only for its credit and debit cards. It must not be a number that can be easily guessed, such as a year of birth.

The Daily Mail notes that those who have difficulty remembering numbers – for example the elderly – and use a single PIN for a range of services could find any claim against fraud is rejected.

Industry figures show total card fraud grew by 9 per cent in the first half of this year to £185 million. Banks describe this loss as “huge” though it is of course dwarfed by the current profits of those institutions. Four UK banks recently announced combined profits of £24 billion for the year.

Of course £185 million is not a figure to be lightly sniffed at. That’s a significant number of holiday homes for bank directors, as the banks well know. That’s why they fought tooth and nail against court action to recover the substantially greater booty stolen by overcharging customers down the years. And what better way to reclaim fraudulently obtained profits than to leverage fraudulent criminal activities. And as an added bonus the banks even get to escape prosecution under the Proceeds of Crime Act (2002).

Of course £185 million is not a figure to be lightly sniffed at. That’s a significant number of holiday homes for bank directors

The implications for consumers are huge. As I outlined in a previous blog, a scarily large percentage of the population use the same password for all purposes, so asking a customer for a password for, say, a book retailer may provide the same password used for a bank. One survey indicated that 61 percent of people use the same password for all their online accounts whenever they can. The same statistics apply to PINs.

Any customer who finds their mobile phone is stolen and is then used to access their current account will find the bank can reject any claim for compensation unless it had password protection.

HSBC made a similar shift through a raft of back-door changes to its terms and conditions that came into effect in April.

Professor Ross Anderson, of the Cambridge University Computer Lab, accused banks of trying to shift the cost of card fraud on to customers. He said: ‘Banks have flip-flopped over the years on whether it’s okay to use the same PIN for multiple accounts.

‘If Santander want to ensure that weak PINs aren’t used then they must issue random PINs to customers and not permit PIN change. That’s the line followed by some banks in Germany.’

The reasonable person could of course argue that the banks are doing the right thing. But then the reasonable person also cheerfully sat by and mandated the installation of millions of CCTV cameras in every nook and cranny of the UK, meaning that almost anyone could covertly watch your PIN entry.

______________________________________________________

Santander’s Senior Media Relations officer has responded with the following statement:

“We believe that by having security details unique to the accounts they hold with us, customers can help protect themselves further against fraud risks.  Due to the increasing use of mobile banking and password memory software we are updating our terms and conditions and suggesting a number of additional measures our customers can take to help protect themselves.  Unless a customer is involved in fraud, any instance of fraud is against the bank, not the customer, and so innocent victims will not lose out financially.  We look at every fraud case on an individual basis.   If a customer has been a victim of fraud and they have taken reasonable steps to protect their personal financial security then we will refund within 24 hours.”