No subject

-------- Original Message --------
Subject: Re: Co-op Bank and Verified by Visa
Date: Sat, 27 Jun 2009 02:06:57 +1200
From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>

-- Snip --

Nicholas Bohm <nbohm at ernest.net> writes:
>Peter Fairbrother wrote:
>> In any case, customer liability when phished Security Codes have been
>> provided by a third party crook is most certainly not clear.
>
>It's a clumsy piece of drafting, but the "however" seems to me to make it
>clear that the second rule ("not liable for others' actions unless proved
>fraudulent or careless") overrides the first ("bound by all instructions").

If you're in doubt you can fix this up yourself (at least for some banks) by
going to the bank and asking to have a note placed with your account details
instructing them to take extra precautions with your account.  For
example for
my credit card I have a note saying that any COB (change of billing) changes
(in computer terms any change to the account metadata) can only be done if I
appear in person at a bank branch with photo ID, overriding the bank default
where it's possible to make all of these changes over the Internet (!!),
perfect for phishers.  This means that if the bank does allow a COB over the
Internet or phone then they're liable and not me, no matter what their T&C
says.  This type of extra security saved a friend of mine's bacon when
he was
doing business in Nigeria (pre-Internet), the bank transferred the requested
funds out as per some scammer's instructions but had to pay up because
they'd
violated the instructions he left with them (a European bank in this case)
requiring them to perform extra checks on fund transfers over a certain
value.

Peter.