Can Banks Shift Phishing Losses to Customers?

1sockchuck writes to mention a Netcraft article wondering who should bear the brunt of phishing costs. A group of customers with the Bank of Ireland recently had $202,000 drained from their accounts by phishers. The bank initially resisted the request to refund their money, but allowed it after a suit was threatened. From the article: "The Bank of Ireland incident is one of the first public cases of a bank seeking to force phishing victims to accept financial responsibility for their losses, but it likely won't be the last. Phishing scams continue to proliferate, as Netcraft has blocked more than 100,000 URLs already in 2006, up from 41,000 in all of 2005. Financial institutions continue to cover most customer losses from unauthorized withdrawals. But after several years of intensive customer education efforts, the details of phishing cases are coming under closer scrutiny, and the effectiveness of anti-phishing efforts taken by both the customer and the bank are likely to become an issue in a larger number of cases." So, should a bank be forced to pay back a customer who has lost money to phishers? Or is it ultimately the customer's responsibility to make educated use of technology?

It's not the banks' fault anyway.

[krell]

The banks aren't phishing, so there is no way they should pay a dime to anyone.

-"I say, 'Yes. Yes they should.' I answer, 'Why?'"

[Corwn+of+Amber]

Difficult or impossible? For what sort of ultimate moron is it hard tu read a f*ing URL, when they submit information to a site that can obviously drain their money with said info?

That is, "How hard is it to notice you're really on www.paypall.com?".