Co-op Bank and Verified by Visa
Peter Fairbrother
zenadsl6186 at zen.co.uk
Tue Jun 23 21:24:23 BST 2009
I wrote:
> Or perhaps it protects the customer because it's so insecure for the
> customer that no real liability is placed on the customer?
On customer liability, LLoyds Clicksafe T&C's say:
["
As long as we have been given your Security Codes, we are entitled to
assume we are dealing with you and will:
* act on (and you will be bound by) all instructions;
* allow access to confidential information we hold about you and
your accounts,
without getting further confirmation from you.
However, you/the Business will not be liable for any instructions you do
not give yourself, unless we can prove you were fraudulent or acted
without reasonable care (for example if you do not tell us as soon as
you think someone knows your Security Codes or is accessing your account
without your authority or you broke your obligations in condition 4).
"]
clause 4, https://www.securesuite.co.uk/lloyds/docs/terms.jsp
Either this is self-contradictory: if they have been given the Security
Codes you are bound in the first paragraph, but you liable aren't in the
second (afaict "bound" and "liable" are not distinct, but IANAL - Nick?)
Or the second paragraph refers to a situation where they haven't been
given the Security Codes, and is probably meaningless in the circumstances.
In any case, customer liability when phished Security Codes have been
provided by a third party crook is most certainly not clear.
Shame more people don't take Amex, they don't do 3D Secure. Though
apparently Amazon have refused to sign up to 3D, but I'm not sure why.
-- Peter Fairbrother
More information about the ukcrypto
mailing list