Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » eft review  

Subscribe to Galexia news and announcements.
More information »

Our Focus: Galexia's focus is on research, advice, strategies and solutions involving e-commerce, identification, identity management, authentication, security and privacy in Australia and the Asia Pacific. Find out more »

[Data protection regulations and international data flows: Implications for trade and development (April 2016)]

Data protection regulations and international data flows: Implications for trade and development (2016)
Find out more »

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

[« previous] [next »] [up] [title page] [full contents]

Q29 – Should an additional example be included in cl 5.6(e) specifically referring to the situation when an account user acts with extreme carelessness in responding to a deceptive phishing attack?

It may be that there are certain situations in which account users have acted with a degree of carelessness to a phishing attack that is considered ‘extreme’ such that liability should be imposed upon them for any resultant financial loss. However, the notion of ‘carelessness’ should be carefully demarcated with respect to phishing attacks for a number of reasons:

  • Firstly, it is important to remember that, although there is a range of authentication technologies available to end-users to assist with detecting phishing attacks, these are generally less effective than technologies that can be implemented by financial institutions.[27]
  • Secondly, financial institutions have been instrumental for some time in promoting the use of the online channel to their customers. Despite having the option of encouraging, or even compelling, customers to shift to the use of other channels for banking so as to avoid the problem of phishing attacks (including telephone or face-to-face banking), they have avoided doing so. In this regard it must be remembered that financial institutions reap significant benefit in the form of cost savings by encouraging their customers to perform banking transactions online.
  • Thirdly, if the financial services community does not know why consumers repeatedly respond to phishing attacks, then it is pointless and unfair to impose liability on them for responding more than once. If consumers genuinely think that they are taking appropriate action, and genuinely think they are responding to a message from their institution, then making them liable in those circumstances would just seem to have the effect of discouraging them from using Internet banking. Further research on why consumers respond to attacks would help design appropriate security defences, rather than simply shifting liability to consumers.

For these reasons, employing a broad definition of ‘carelessness’ in Clause 5.6(e) in order to impose a greater degree of liability on bank customers in relation to losses flowing from phishing attacks is unwarranted.

[27] This is discussed in more detail in the response to Question 30, Potential Responses to Phishing Attacks and other forms of Online Fraud at page 29.

[« previous] [next »] [up] [title page] [full contents]

[view all] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]