As I mentioned last time, banking online in New Zealand just got a whole lot scarier for consumers, who probably assume that major institutions, such as banks, will keep them safe in cyberspace.    

The New Zealand Banking Association (NZBA) has defended its new banking code of practice that potentially makes New Zealanders liable for online banking fraud, as an effort to "educate" consumers about the risks of online banking. It also indicated that individual cases will be considered on a “case by case basis,” and that they will “do what is reasonable”.

Although at first glance it seems like the NZBA has succeeded in pulling a fast one on local consumer protection groups, who appear to have been asleep at the wheel, I am convinced that the victory will be short-lived, as the entire concept is too poorly conceived, and devoid of any strategic insight into what glue holds the financial sector together, to be tenable long-term.         

Reports in the NZ media suggest that consumer protection groups realize that they have been out-flanked and out-maneuvered and are trying to regain a foothold in the race, long after the horse has bolted; they are seeking clarification from the NZBA respecting the liability provisions in the code, and expressing concern about the extraordinary provision that allows local banks to inspect consumer’s computers before deciding to reimburse them, if they lose money to scam artists.   

I have grave concerns about the legality of this latter provision, but I can only assume that NZBA lawyers looked it over before it came into effect. But maybe not. Stranger things have happened.

In any event, local news media are probably salivating at the prospect of stern faced banking officials showing up at Mrs Maloney’s door – the distressed, recent victim of cyber-fraud- to seize her computer (full of photos of the grandkids) and take it away- ‘for inspection’.

Just imagine the scene: the tussle for possession, the screaming, the sobbing, the inevitable tearful interviews with local talk-show hosts, the mass race to close out bank accounts at the offending callous institution: positively riveting television viewing. Banking officials will wish the earth would swallow them up, and heap their displeasure in the direction of the NZBA.

US banking regulators are far smarter than that, and they have worked hard to head off such precipitous action by member banks. Years ago they issued an edict that discouraged US financial institutions from passing liability for online banking fraud onto consumers, rationalizing that such action could result in a crisis in consumer confidence, and undermine the reputation and trustworthiness of the entire sector.  

The Australian Banking Association has got the message, and will not meander blithely up to the gallows:  it recently issued a self-serving statement to the effect that it will not be following the example of the NZBA by going into the home PC security inspection business, or pursuing defrauded banking customers unto death, provided- and here is the kicker- ‘it is clear that the user has not contributed to the loss’. Needless to say, the latter statement gives them ample room to maneuver.

However, this epidemic of ‘tough love for consumers’ is not just endemic to New Zealand. The Australian Securities and Investments Commission (ASIC) made proposals in a consultation document published last year as part of a revision of the EFT (Electronic Funds Transfer) Code of Practice, suggesting that consumers ought be liable for online banking fraud if they didn’t have ‘adequate’ security measures in place, or words to that effect.

ASIC is understandably reluctant at this precise juncture to emphasize that aspect of the proposal, and representatives have publicly declined to comment on whether the consumer liability provisions have made the final cut, indicating that there will be “further public consultation on the re-drafting of this code."
One can only hope so.

And what lessons should industry take out of this whole affair?

Businesses should not have to be reminded that brand value is a key corporate asset, and that poorly conceived, short- term actions- that have the potential to come back to haunt them a thousand times over- may be regretted for many years to come. Especially when the competition is just one click away.

Much has been written about the resurgence of interest in corporate strategy in many a corner office.  But I have also heard whining about how developing an enduring strategy for success- rather than mere benchmarking- is so difficult to conceive. But nothing worth doing is not worth doing well. And sometimes knowing what not to do is as good a start as any.