When will the customer have to have at least some responsibility for their action/inactions?
I guess the person who invents the perfectly secure internet transaction will be the richest person on the planet. Imagine being able to conduct a secure pc based internet transaction with every kind of trojan and keylogger installed.... On 6/27/07, B.K. DeLong <[EMAIL PROTECTED]> wrote:
Interesting - I wonder how long before online merchants subject to the PCI DSS will transfer liability to users. From the PCI to the Processors to the Auditors to the Merchants to the Consumers - what happened to "the customer is always right" ? On 6/27/07, Fergie <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Jevans: Where ever you are, you owe me a beer. I told you that > the liability issues would start to shift more towards the consumer > to prove they are not at fault. > > And it _will_ get worse. Bet on it. > > Via Computerworld.co.nz. > > [snip] > > Banks are seeking access to customer PCs used for online banking > transactions to verify whether they have enough security protection. > > Under the terms of a new banking Code of Practice, banks may request access > in the event of a disputed transaction to see if security protection in is > place and up to date. > > The code, issued by the Bankers' Association last week after lengthy > drafting and consultation, now has a new section dealing with internet > banking. > > Liability for any loss resulting from unauthorised internet banking > transactions rests with the customer if they have "used a computer or > device that does not have appropriate protective software and operating > system installed and up-to-date, [or] failed to take reasonable steps to > ensure that the protective systems, such as virus scanning, firewall, > antispyware, operating system and anti-spam software on [the] computer, are > up-to-date." > > The code also adds: "We reserve the right to request access to your > computer or device in order to verify that you have taken all reasonable > steps to protect your computer or device and safeguard your secure > information in accordance with this code. > > "If you refuse our request for access then we may refuse your claim." > > [snip] > > More here: > http://computerworld.co.nz/news.nsf/news/FDA3CE33D73B5B82CC257302000B0EE8 > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > > wj8DBQFGgpg9q1pz9mNUZTMRApWTAJ9pjNomy2oQjbldjFGEHg2gH0g18wCg4cb9 > 1pHQpoXboGgztQoo566EC2A= > =MFlr > -----END PGP SIGNATURE----- > > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > -- B.K. DeLong (K3GRN) [EMAIL PROTECTED] +1.617.797.8471 http://www.wkdelong.org Son. http://www.ianetsec.com Work. http://www.bostonredcross.org Volunteer. http://www.carolingia.eastkingdom.org Service. http://bkdelong.livejournal.com Play. PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE FOAF: http://foaf.brain-stream.org _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
