Customer Accountability: Where does it Start?
The first topic is about responsibility - accountability, really. At what point should a banking institution's customer be held accountable for basic computer security?
As you know, the British Bankers' Association recently announced its position that UK banks should no longer be responsible for losses suffered by online bank accounts if those customers do not have up-to-date anti-virus, anti-spyware and firewall software installed on their machines.
At what point should a banking institution's customer be held accountable for basic computer security?
Could such a notion fly in the U.S.? We raised that question, and among the responses we received:
Clearly, we touched a nerve. Subsequently, I spoke with one security vendor that's interested in partnering with banks to offer basic PC protection services free-of-charge to customers. Kind of like what my home internet service provider does now, offering me antivirus protection at no additional charge.
On one hand, this step does show that the business has made a conscientious effort to plug a major security hole.
But on the other, can't you see that first lawsuit filed by a breached customer saying "Hey, you gave me this stuff and said my PC was safe ...?"
Interesting debate - how much responsibility should the customer bear? Which side do you take?