Note: This column represents the opinions
of the writer and as such, is not purported as fact|
Here's the scenario...
the contents of Aardvark's "million-dollar ideas" notebook
are revealed for all to see!
You log on to the Internet in order to access your bank's online
banking service so you can pay a credit card bill and move some funds
around between accounts.
Hang on -- what's this? Why are all your accounts showing a zero
A quick check of recent transactions shows that a week or so ago,
all your money was transferred to someone else's account -- seemingly
through the very online system you're currently using.
As another method of offsetting the cost of running this
site, I'm considering the use of sponsorship -- but would like some feedback.
Based on recent stats, a sponsor could expect to have their branding
delivered around a million times a year to an extremely well targeted
audience of (mainly Kiwi) internet/IT professionals and hard-core Net users.
If you're brave enough to be Aardvark's exclusive sponsor for a year, or if you're
a reader who'd like to voice your opinion on the matter then please
You ring the bank to find out what's going on and are told that someone
using your ID and login performed the transfer some five days ago and that
this isn't the bank's fault or problem.
Uh oh... what are you going to do now?
You run a virus scan on your computer and it finds a trojan program that
has, for the past month, been quietly betraying your secrets to an unknown
party somewhere out there in the ether.
Unknown to you, the trojan arrived as an email that had an attachment which
you opened out of curiosity. After all, you're not someone who regularly
reads Aardvark or any other Internet-related publication and you believed
Microsoft when it said that Windows XP was the most secure version
ever produced so how were you to know this was a stupid thing to do?
Right now you're penniless and you're hoping like hell that the bank will
accept that this wasn't your fault -- what are your chances?
A quick survey of the "Terms and Conditions" associated with NZ's online
banking services seems to indicate that you might be out of luck.
You can read them for yourself to see what I mean:
It would appear that if you take every reasonable precaution to prevent
unauthorised access to your PC (and hence unauthorised use of your ID/password)
then you might (let me emphasize "might") be indemnified -- however, only the BNZ
clearly lays out in any real detail what it considers to be acceptable and unacceptable.
You have to wonder whether anyone will be able to use the BNZ's service
without infringing at least one condition however. According to Section 6.2, clause f:
"You agree not to open e-mails or attachments or run software from untrusted or unknown sources".
Yes, that's right -- if you use BNZ's online banking service you are strictly
forbidden from opening emails from people you don't know. Let's make that
quite clear -- it's not that you can't open attachments on such emails -- you
can't even open the mail itself.
If you're a trader using a website to solicit new business then you'll just
have to ignore those emails from prospective new customers -- how dumb is that?
Obviously the BNZ is trying to cover its backside to avoid liability in the scenario
I've already described -- but it is plainly outrageous to ask a customer to
ignore emails just because the sender is not previously known to them.
The helpdesk worker I spoke to at the BNZ regarding this draconian clause said
that it probably only meant you couldn't open attachments -- but if that's
the case, why doesn't it say that? I think you and I both know that when it
comes to protecting the interests of shareholders, banks and insurance companies
tend to enforce the letter of their contracts quite stringently.
However, you've got to have some sympathy for the banks. Why should they
have to pay up if your money goes missing through no negligence or fault
on their part?
Well perhaps there is fault on the bank's part.
Perhaps they're negligent for using such an easily circumvented method of
authentication as an ID and password. Goodness knows, there are many alternatives
available (even the one I've been trying to tout with little success) which
are far less vulnerable.
Let's face it -- even the act of choosing a password is a compromise. All the
banks demand that it not be something too short or easily guessed (such as a
birth-date, name of a family-member, etc). On the other hand they forbid
you from writing down or storing electronically that hard-to-remember password --
what's a person to do?
Likewise -- the banks (particularly BNZ it would seem) are patently aware that
Microsoft Windows is an intrinsically insecure platform so, by acknowledging
the risk, they must also share in the liability.
Whatever the case -- if you're using an online banking service you'd better
make absolutely sure that you have effective anti-virus software with
regularly updated data files and that your operating system, mail program
and browser are updated to the latest versions at all times.
Anything less and you're effectively leaving your life savings on a virtual
park-bench somewhere in cyberspace.
Have Your Say
As always, your comments are welcomed. Please remember to select
"For Publication" if you want them included on this site.
Have your say.
Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or
Just add a
to your pages and you can get
a free summary of Aardvark's daily commentary -- automatically updated
each and every week-day.
Aardvark also makes a summary of this daily column available via XML using
the RSS format. More details can be found
Contact me if you decide to use either of these feeds and
have any problems.
Want to link to this site? Check out Aardvark's
Did you tell someone else about Aardvark today? If not then do it