Should banks refund internet fraud victims? Metropolitan Police Commissioner tells customers to take charge of fraud protection

Metropolitan Police Commissioner Sir Bernard Hogan-Howe has called on banks not to refund customers who are the victims of online fraud.

The Commissioner said that the system was not "incentivising" people to protect themselves.

Speaking to the Times, Hogan-Howe said: "If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour."

The stance of the Commissioner raises questions over online protection and the most effective way to prevent it.

"With so much of our personal data now out in the public domain, it is worrying to assume that people should have sole responsibility for the protection of it, especially when many consumers are found to massively undervalue their identities online," said Richard Law, Chief Executive at identity data intelligence specialists GBG. "Personal information is priceless and we all need to be involved in keeping it safe and secure."

Banks and their customers could both potentially deploy security to protect themselves against fraud.

Many banks do have some form of fraud protection in place. However, the advent of mobile banking among other things has made the balance between security and convenience all the more tricky to achieve.

It is possible to increase security by increasing the number of factors of authentication required and by adding tools such as a ‘captcha’ to ensure a human is accessing the account and prevent attacks by botnets.

However, customers want their experiences online to be frictionless, meaning that many banks are now moving to deploy sophisticated technology that tracks users’ behaviour and uses this information to verify their identity.

Banks such as HSBC, RBS and Santander are using biometric authentication technologies with customers. For example, Mastercard recently introduced facial recognition based payments in its mobile app.

Research from Kaspersky Lab and B2B International in December 2015 (surveying over 12000 people from 26 countries) found that 65 percent of internet users are concerned about online financial fraud.

However, 11 percent use no security solution at all to protect themselves.

There were signs that concern was increasing, with 54 percent of respondents saying they would worry about their vulnerability compared to 49 percent in 2014.

"Banks should be putting robust solutions in place to provide their customers with confidence in the convenience of online and mobile banking," Ross Hogan, Global Head of the Fraud Prevention Division at Kaspersky Lab, said of the findings.

"At the same time, banking customers shouldn’t be letting their fears get in the way of enjoying the benefits of making financial transactions online. By using an appropriate Internet security solution, they can take their own steps to protect their money from fraud."

Hans Zandbelt, senior technical architect, Ping Identity, suggested that consumers can only take charge of security if banks enhance things on their side: in particular, he argues passwords should be replaced.

"The individual can only truly protect their online identities with two-factor authentication, biometric authentication such as voice recognition, and multi-factor authentication.

"The banking industry needs to take charge, and ensure that identity security is offered as part of their service to protect British citizens in the ongoing fight against cybercrime."