Sun
Canada‘s banking system rests on a foundation of confidence. Customers must trust that their money is not at risk, that it will be there when they need it.
In the past, that meant massive safes and armed guards. In the e-banking world, the risks have evolved. So too have the security measures. The underlying principle remains: Customers must be confident that banks will not leave their hard-earned funds at risk to robbers, whether they carry a gun or sneak through fibre-optic networks to do their dirty work.
Canadians have warmly embraced electronic banking. It’s easy and convenient and we have been persuaded by our financial institutions that while there are risks, they are generally limited as long as customers do their part to safeguard personal information.
But how safe is our money? Researchers at Carleton University in Ottawa accuse banks of misleading customers by, on the one hand, assuring them that their funds are safe, while on the other binding them to “agreements” that may leave them at risk in case of a loss.
Such agreements — which are really conditions set unilaterally by banks and other financial institutions — list conditions that give them the right to hold customers responsible in case someone fraudulently accesses their money.
The researchers found that a relatively large percentage of computer-savvy users were routinely violating the fine print and concluded that most average Canadians would find themselves ineligible for reimbursement guarantees. In other words, if a hacker steals from your account, it’s your loss, not the bank’s.
Financial institutions argue that customers should be responsible for understanding the terms of the agreement to which they become party to by using electronic services.
But these agreements are often so complicated that they can be understood only with the help of a lawyer. One of the big chartered bank’s Electronic Access Agreement, for example, runs to more than 8,000 words and has almost three pages of definitions alone.
If you actually read the agreement, you will find that not only are the terms difficult to meet, they can be changed at any time unilaterally by the bank. You may learn of such changes only if you regularly read its website.
Among the ways you can void the Online Banking Guarantee is by creating a password that is deemed to be too weak — if it includes your name, for example, or that of a family member, their birthdates, your telephone number or even sequential numbers like 1234.
It can also be voided if you fail to maintain up-to-date virus software or if you access your accounts through any device that you “reasonably ought to know” has been infected with software to steal your personal information.
Most financial institutions have versions of these rules. Frankly, we don’t have time to wade through them all. Neither do most customers.
What customers do have is a right to expect their money is safe without having to jump through a bunch of hoops that can be moved without their knowledge.
It’s worth noting that while the potential risk to consumers appears to be great, we have not heard of any who have actually lost money as a result of failing to meet all of the conditions set by the bank.
But we cannot for long maintain confidence in our financial institutions if an activity that has become as central as electronic banking is deemed too complicated and risky for ordinary people to engage in safely.
Banks either have to make it easier for their customers to use their services safely or shoulder more of the risk — without hiding behind all the fine print.
© The Vancouver Sun 2008
