I recently received a letter from American Express, warning me about a data breach that occurred with a third-party service provider several years ago. Although the letter doesn’t name the company who suffered the breach, it does mention that I’ve done business with them. The letter goes on to say American Express will continue to monitor my account for suspicious activity, and reminded me that I will not be liable for any fraudulent charges.
Oddly enough, just days after I received this letter, I read an article in the Financial Times that discusses new UK proposals that would require bank customers to cover the bill for fraudulent activity. While this is a sharp contrast to the way fraud is currently handled by banks across the globe, it’s an issue the banking industry in the UK is contemplating, due to the increase in the frequency of cyberattacks. According to Financial Fraud Action UK, an organization working together with consumers, retailers, and the police in order to help prevent fraud, financial fraud across the UK was up more than 25% the previous year, with internet banking being the major culprit.
GCHQ, the UK’s electronic eavesdropping and cybersecurity agency, believes banks need to do more to persuade their customers to protect themselves. For example, banks could detect old versions of internet browsers or inadequate antivirus protection, and either encourage customers to update their applications or even ban them altogether from accessing online banking portals until compliance is met.
Regardless of whether new legislation is passed, customers can significantly reduce their chances of intrusion by ensuring their computer systems are up-to-date with the latest security features. And for everyone’s sake, it’s in each bank’s best interest to institute a program that ensures compliance.