Customer compulsory anti-virus firewalls pointless?

Not heard of banks in the UK trying this cop out.  Interestingly, one of the banks I deal with (Barclays), recently offered customers who use their internet banking service free security software (Kaspersky), so maybe they're planning to use that as a tactic if you haven't taken up the offer.

I agree with your observations and consumer awakening will drive services industry to offer more.

Coming to a bank near you very soon - 'not the latest virus software and had your bank account defrauded? Tough luck, your loss'.

The UK and other draught banking codes now include wording to make the customer liable for losses attributable to them “acting without reasonable care”, where “reasonable care”  includes installing anti-virus software on their PCs. Some codes specifies that security software should be installed on computers, but does not specify it is turned on or actually operating when you perform a transaction.

The codes are of course vague enough to provide solicitors and barristers with plenty of billable hours arguing over what is reasonable. This of course precludes about 95% of the population from having the resources to successfully recover their money if fraud occurs. The governments may respond with 'here's a new ID card for you to keep you safe' or that failing they'll no doubt appoint a new 'Banking Security Software Ombudsman' to hear complaints and stop the financial system collapsing when consumers wake up to the fact that their money is no longer safe in an old-fashioned bank. 

At any point in time anti-virus software only protects consumers against some of the threats, no matter what the brand, so it should see some spectacular public arguments and I expect the consumers involved to be quite vocal. We're in the 21st century, is this really a 21st century approach to the problem? Many hackers will of course come out of the wiring in defense of the underdog individual and we might see some spectacular exposes of bank website and general banking security weaknesses.

While not exactly being a fan of the situation where we need anti-virus software and firewalls I'd be the first to suggest using them if they actually protected you but even if they could, it's no use if the bank's own site is where the vulnerability sits.

As a customer I'd make sure your PC is 'presentable' because it is safe to assume you'll have to let the bank IT forensics team have a peek at it to prove you either did or didn't have the 'right software version' installed. I see further co-operation between banks and virus vendors possibly leading to 'approved lists' or versions which are deemed safe for customers to install. This could present even more potential problems. What it means for mobile internet banking is less clear, but it may have serious implications.

At least one bank has recently got into an argument over whether the SMS authentication they use is merely window dressing. I am certain that it has 'limitations' in common with other SMS schemes, and if they want to 'be different', it doesn't seem the way to go, but thats just marketing. I've heard of instances of threats to launch legal eagles against security critics and suspect that its ultimately going to be counter-productive to security and confidence. More so when baddies are paying good money for bank site vulnerabilities. It isn't even illegal to sell such information, or buy it, so it's easy guess who'll get the info when one party wants to sue and the others will happily pay you $50k. It would be equally counter-productive to ty and make it illegal.

I've always believed that the methodology generally used to transact has fatal flaws and belongs in the last century. No 'strap on' solution will ever fix it. Even our excellent authentication alone doesn't solve the problem of data in merchant's computers and transaction processors systems going astray, it requires a holistic approach like our transaction methodology to remove those risks. There is just too much unnecessary information moving around with current systems.

I don't think 'heads in the sand' is a plan, and I've never aspired to just be above the lowest hanging fruit. Many banks take that view with fraud losses - it's ok so long as they are not losing anymore than the industry average, or at least nobody else knows. While it's probably a fair plan for a retail store it seems less than ideal for a trust based business, and trying to bury your customers head in the sand with you is even less so. Engagement is always the best way, both with customers and those you might perceive as enemies - those security 'critics' and hackers.

One customer who loses money through internet banking tells others, even more so when they use the internet, and will be especially vocal if they feel it was the bank's fault. It will be interesting to see which banks choose to make the customer carry the risk in internet banking. What are the risks of such a policy for the banks? Will it lead to more, or less, internet banking?

It doesn't have anything to do with 'scaring' the customers into embracing some type of government backed dumb 'smart' id card does it?

Of course this also creates fabulous opportunities for new entrants with a 21st century plan to come in and help out those poor customers paying high fees and still fearing that they'll lose all their money if they stay with an 'old fashioned' bank. 

Good plan bankers - it certainly opens up the market to some very distinctive and relevant product differentiation.