Shock. Anger. Fear. These are the typical reactions from the growing number of bank customers who find themselves the victims of electronic fraud, says Bruce Ford.

For the past 10 years, Ford has run a consultancy called Dispute Assist, which aims to help customers who have problems with their banks. Over that time he has become something of an expert in the emotional toll of electronic fraud - and on the often unsympathetic response customers get from their bank.

"They are appalled at how badly they are treated by staff at the banks when they are still in shock at having their account accessed," Ford says.

"Usually there is a lack of courtesy and lack of assistance from the banks in helping people overcome that feeling. Invariably you find customers trying to prove their innocence, but it should be the other way round - there should be a presumption of the customers' innocence."

The extent of the problem that the banks are grappling with comes as no surprise to Dr Anna Kurtovic, a member of the Association of Certified Fraud Examiners and the leader of a forensic accounting team at Lawler Partners in Sydney. She believes a lot of fraud passes unnoticed.

Banks are working to plug security holes, Kurtovic says, but they should be more transparent about the extent of credit card and online fraud, if only to to impress upon consumers the importance of protecting their own information and their money.

She believes banks are reluctant to discuss fraud for fear of damaging their reputations. "There's still a tendency to downplay the problem. As consumers, we should be able to be told more and made more aware."

Kurtovic was the victim of an $US8000 fraud this year, probably when her card was compromised through a merchant's terminal. Her bank reimbursed her, but she had a "nervous" two-month wait.

There has been a flurry of debate in the banking industry about the question of how far online customers should be expected to look after their own security. For instance, if a customer fails to keep virus software up to date, falls victim to a so-called "trojan" virus that captures their username and password and has large amounts siphoned from their account, should they be held liable? What if they respond to a "phishing" attack and hand over those same details?

According to the Electronic Funds Transfer Code of Conduct - a voluntary code of practice to which all banks, building societies and credit unions subscribe - the customer would be liable only if acting with "extreme carelessness". Whether responding to a convincing "phishing" email is equivalent to "extreme carelessness" is unclear.

Posted by Justin Payton in Adware, Spyware and Trojans at 09:56