UK Banking Law Blames Customers For Insecure OS

twitter writes "If you use an insecure OS in the UK and someone drains your bank account, the banks say it's your fault. The Register reports: 'The Banking Code produced by the British Bankers' Association (BBA), and followed by most banks, makes it clear that banks will not be responsible for losses on online bank accounts if consumers do not have up to date anti-virus, anti-spyware, and firewall software installed on their machines.'" twitter went on to note that the majority of consumer PCs use an operating system with a history of security issues. Should end users be ultimately responsible for the state of their systems?

Banks hate responsibility

[plopez]

In the US, a friend of mine (a lawyer) basically described the state of banking laws as "the bank is always right, if the bank is wrong the bank is still right". This was based on 1930's banking laws when the banks went to the gov't looking for a bail out and convinced enough people to severly restrict their liability.

If there is a lawyer in the house can they confirm this?

Not sure what the state of the laws are elsewhere, but knowing what a bunch of whining snivelers the banking industry is it's probably the same. The bank is always right and the depositors and the taxpayer pick up the bill.

ummm ... it's not the consumers property

[Kristoph]

Should end users be ultimately responsible for the state of their systems?

The Microsoft Windows OS is not the property of the consumer using it. It is the property of Microsoft used under a license from Microsoft. If the usage of the OS complies with the license then surely any inadvertent behavior on the part of the OS is the responsibility of the owner (Microsoft) and not the license holder (the end user).

]{

Re:Scare tactics

[Kristoph]

The issue at hand is not the bank's security. It is the security of the consumers account.

In any case, do you really want the bank to be responsible for the security of your system? Because, honestly, I REALLY DO NOT want the banks 'staff of professionals' ensuring my security by requiring I install some type of custom 'security' software.

]{

Re:Scare tactics

[The_Wilschon]

There is a subtlety here that you may have missed. Cash is legal tender for all debts. So, if you have already incurred a debt, then your creditor must accept cash as payment. However, most transactions do not involve you incurring a debt. For instance, when you pay to get on the bus, you have not yet incurred a debt, whereas if you eat a meal in a restaurant, then by the time you get the check, you do owe a debt. So, the bus driver may refuse cash; the restaurateur may not.

Interestingly, according to wikipedia, the "legal tender" phrase was added because the government couldn't pay its debts with gold or silver, and nobody wanted paper money instead. The phrase was added to compel them to accept the paper money.

Re:Scare tactics

[TheRaven64]

And what happens if your bank is Egg (now owned by Citi Group) and tell you every time you log in that you should try the Egg Money Manager, which is only available as an ActiveX control? It's frustrating to keep telling users 'disable ActiveX' and have banks tell them to enable it (and use IE), and if they do then I think they ought to accept at least partial responsibility for the user's poor security.