A recent BBC Click article reporting “Hackers outwit online banking identity security systems” shows how ‘hackers’ can poison online banking web sites to trick customers into transferring money out of their accounts.
I was going to blog about the fact that Money Toolkit, and similar services, are totally impervious to this kind of ‘Man in the Browser’ attack.
Whilst Money Toolkit is not entirely immune to other forms of attack (as no device can be), it is extremely well protected.
But it got me thinking a bit more about the story, and the scale of fraud reported in the article.
The article reports that…
Online banking fraud losses totalled £16.9 million in the first six months of 2011, according to Financial Fraud Action UK.
Wow, that’s a lot! The banks definitely need to get smarter about security. In fact it is a subject banks do like to talk about a lot. Whilst some banks have started to do more things to help protect against these losses, most banks simply use ‘security concerns’ as another excuse to explain away the lack of banking innovation and why they have not improved customer engagement and ultimately consumer empowerment.
Banks love this kind of article because it keeps their smoke screen smouldering…
The real news is that banks are still defrauding their customers to the tune of a few £billion a year.
Putting the numbers into perspective, I was going to call this post “Fraudsters dupe UK current account holders out of £2.6 Billion” ….
These numbers are based on the OFT report from 2008 – £2.6 billion in ‘unpaid item’ penalty charges during 2006 (there’s actually another £0.5 billion in unauthorised overdraft fees as well).
This number is probably now a tiny bit high today – since a more recent OFT report in 2010 shows the average unpaid item fee has halved since the 2008 report’s numbers, but when you factor in the other penalty fees, it won’t be far off.
You know, I wouldn’t be surprised if the banks didn’t like a little bit of fraud – especially if it’s online – then they can keep not delivering the services that would help many more people to avoid these (still) ridiculous fees and charges. I wonder if any banks have a secret ‘hacker department’.
(btw I’m using hacker in the now more common ‘bad guy at a computer’ way. Not the original (and correct) meaning, as per Zuk’s recent misunderstood statement)
Whilst the banks have cleaned up their act a bit – we must applaud them for halving the average penalty from £34 to £17 – the OFT report in 2008 provides some choice insight into why the banks like these sneaky, after the event, charges…
The lack of visibility of insufficient funds charges to consumers has reduced the incentive for the banks to compete on these aspects. As a result some banks appear to see insufficient funds charges in particular as an attractive way to generate additional revenue without affecting demand for their accounts.
A footnote goes into more detail…
During the course of this market study, the OFT has seen banks’ internal documents on the level of charges that include statements such as: ‘in order to maximise fee revenue, whilst maintaining our competitive position, selective increases in [insufficient funds charges] are proposed’, and ‘Increasing [insufficient funds] charges will have less impact on our marketing position… due to its lower visibility.’
Note Well – that there is not a hint of this being ‘handling costs’; it’s not that the cost to service the un-arranged debt has gone up – simply that they could generate profit whilst hiding the cause!
It’s easy for high earners, and those that manage their accounts well, to blame the individual’s foolishness, but it is seriously easy to get caught out; almost everyone has been tripped up at one time or another. To get a feel for the scale of the problem (from the 2008 report) ….
• over a fifth of consumers were unaware of insufficient funds charges until they had incurred one
• over 12.6 million accounts (23 per cent of active accounts) incurred at least one insufficient funds charge in 2006, and
• those consumers who incurred an insufficient funds charge in 2006 were more likely to incur at least six charges than just one.
So why would banks not want to offer compelling online and mobile services to keep us well on top of our finances? Why would they not want to ‘be on our side’ and help us out with timely warnings and reminders, and quick emergency transfers?
Well of course that would be a ‘security concern’.
(By the way, don’t worry about the banks not making enough money in this economic downturn: ‘profits are soaring’.)