After a chorus of criticism from rivals and banking specialists, Australia and New Zealand Banking Group Ltd. (ANZ Bank) is reviewing its policy of holding customers liable for any damage caused by viruses spread from their computers to the bank's systems.
The policy is buried in the Internet banking terms and conditions on the ANZ Web site.
"You may be liable for any direct losses suffered or incurred by you or the bank (on a full indemnity basis) to the extent that any such losses are a consequence of unauthorized access to ANZ Internet banking caused by a fault, interference, interception or virus perpetrated directly through your computer equipment, as a direct result of you failing to take reasonable and appropriate antivirus and other security matters."
The policy has attracted the ire of Massey University's Centre for Banking Studies director David Tripe, who branded it "incredibly draconian."
"It's using a sledgehammer to crack a nut. One wonders how it would be policed."
National Bank and WestpacTrust both declared it "unreasonable" to put such a requirement on customers.
National Bank's customer care and corporate affairs manager Grant Coppersmith says people attack and send viruses to the bank's systems every day, but it is well protected through firewalls, software programs and desktop virus checkers. Customers might only be held liable in extreme cases where any damage was "malicious or deliberate."
WestpacTrust Internet banking manager Henry Davies says it would be difficult to prove who caused the damage.
"You can only imagine what may be necessary. It would need a forensic examination of the customer's machine."
BNZ PR spokeswoman Jacqui Miller confirmed her bank takes responsibility for its own security and ASB has no such policy placing customers at risk either.
After repeated attempts to gain a response from the bank, ANZ's Melbourne-based Internet banking marketing manager, Susan Tilstra, issued a statement to Computerworld saying ANZ "had never enforced its Internet banking terms and conditions in the way suggested."
She says the bank is "currently reviewing this issue to ensure that the Internet banking terms reflect ANZ's intent, which is to act in the best interests of its customers". Tilstra did say that customers were also responsible for the security of their own computers, and that the bank would continue to educate them about it.