Ben’s Weblog

Came across a great article on identity theft over at c|net. Here’s a snippet:

Financial institutions need to be liable for fraudulent transactions.

They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions. They can’t say that the user must keep his password secure or his machine virus-free. They can’t require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards.

Those aren’t reasonable requirements for most users. The bank must be made responsible, regardless of what the user does.

If you think this won’t work, look at credit cards. Credit card companies are liable for all but the first $50 of fraudulent transactions. They’re not hurting for business; and they’re not drowning in fraud, either. They’ve developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. And they’ve pushed most of the actual costs onto the merchants.

I agree completely. Discover caught a transaction on my account last year - in the middle of a bunch of typical transactions, they saw a $500 purchase at an Old Navy in Buffalo, NY or someplace nearby. $500 isn’t an unusual amount for me on the credit card…insurance, etc. And, they’ve even called a couple times when they saw something suspicious (like the day I had breakfast in Chicago, lunch in Memphis, and checked into a hotel in New Orleans that night). Never had the bank call about a charge.

I still like the idea of having two-factor authentication for banking / financial transactions, though.