Will you get reimbursed if you're a bank fraud victim? Brits think not
Study into financial small print reveals Americans often get a nice surprise
Bank customers worldwide are often in the dark about whether or not they’ll be reimbursed for fraudulent transactions.
Customers’ understanding of bank terms and conditions is often sketchy, according to a international study by academics.
The researchers found that there is significant variation worldwide, and even within countries on what customers are expected to do in order to ensure they are refunded in cases of fraud. Advice given by UK banks is sometimes contradictory.
Banking terms and conditions matter, as the researchers point out:
Terms and Conditions (T&C) are long, convoluted, and are very rarely actually read by customers. Yet when customers are subject to fraud, the content of the T&Cs, along with national regulations, matter. The ability to revoke fraudulent payments and reimburse victims of fraud is one of the main selling points of traditional payment systems, but to be reimbursed a fraud victim may need to demonstrate that they have followed security practices set out in their contract with the bank.
The eight person team1 also studied how well customers understood bank terms and conditions, finding that in most cases banks terms and conditions were more generous to victims of phishing fraud or card loss than customers might have feared. The exception to this generally positive picture was how UK banks dealt with card loss.
“In general, customers who read terms and conditions are re-assured but there was one notable exception in the UK where after reading the T&C our participants thought it less likely that a victim of card theft would be refunded,” Steven Murdoch, a research fellow at University College London, told El Reg. “Even so, the majority of our sample thought the customer should be refunded, but the bank and Financial Ombudsman Service found the customer to be liable for the fraud and so not entitled a refund.”
Bank terms and confusions [source: UCL blog post]
The study, which involved an expert analysis of 30 bank contracts across 25 countries, exposed strong regional variations. Germans found their terms and conditions particularly hard to understand, but Americans assume harsher T&Cs than they actually are, and tend to be reassured when they actually read them.
This confusion is all too easy to understand. In most cases the contract terms were “too vague to be understood; in some cases they differ by product type, and advice can even be contradictory”.
“While many banks allow customers to write PINs down as long as they are disguised and not kept with the card, 20 per cent of banks do not allow PINs to be written down at all, and a handful do not allow PINs to be shared between accounts,” found the researchers.
The findings are summarised on the University College London’s Bentham's Gaze blog here.
The full paper, International Comparison of Bank Fraud Reimbursement: Customer Perceptions and Contractual Terms(to be published at the Workshop on the Economics of Information Security, later this month) can be found here (pdf). ®
The research team was made up of academics from University College London (UCL) and the University of Cambridge alongside a researcher from the Foundation for Information Policy Research.
Sponsored: Becoming a Pragmatic Security Leader