New Zealand"s Banking Ombudsman has warned banks against insufficient identification requirements for setting up and operating Internet banking.
In case notes attached to her annual report, Ombudsman Liz Brown records two complaints from Internet banking customers who had identifying documents taken from them fraudulently.
?Posing as an immigration consultant, the offender had obtained copies of their passports and of recent account statements from them. He had then used information from those documents to set up Internet banking facilities on their accounts and transfer funds out of them,? the report said.
In response to these cases, the Ombudsman surveyed banks on their Internet password requirements. Seven banks replied, and of these Brown rates two as having ?very high? security standards, with a range of test questions for recovering a "lost" password, that requested information a fraudster would be unlikely to know.
?Three banks had what could be described as medium security... (which) could be susceptible to clever fraudsters? and two had ?less secure processes? covering their Internet and phone banking.
One of these banks ?advised the customer must answer four out of six security questions correctly.? The questions were based on the bank?s relationship with the customer, the Ombudsman reports, so a fraudster armed with passport information and a recent bank statement, or perhaps only the statement, could answer sufficient questions correctly.
The Ombudsman says she is not satisfied that the two worst banks are complying with the Code of Banking Practice.
The case notes contain a number of the usual cautionary tales about leaving written PINs in proximity to credit and debit cards and insufficiently concealing PIN entry on an EFTPOS (electronic funds transfer at point of sale) terminal. (Alcohol is mentioned in a number of these stories, unsurprisingly).
On another digital front, the Ombudsman reports the case of a man who sold a car through an online transaction with a Nigerian, receiving a cheque which appeared valid and was unchallenged by the bank even after the normal four-week period for overseas cheque clearance. He drew on the funds and spent them on living expenses and a new car, and was then told by his bank the cheque had been dishonored.
The Ombudsman ruled that there was some fault on both sides, and the victim was asked to pay the bank NZ$11,500 (US$8,060) of the total NZ$64,452.85 gained from the sale of the car.