Compensation Demands on Banks  

While the interviewed security experts for the most part assumed that in the case of a loss – even one resulting from (gross) negligence on the part of the customer – the bank would be expected to show magnanimity, the survey showed that the opinions of consumers in this respect diverged more greatly. The questions were related to a hypothetical case of loss which became possible because the online banking system was accessed via an insecure, public network. Only 18% of the customers who considered themselves to be responsible for PC security expected compensation from the bank if misconduct on their part could clearly be identified. In contrast, 64% of the customers who see the bank as responsible for the security of their own PCs expect compensation even if they did not take adequate precautions. 

Customer-friendly Information Security Creates Added Value

As far as the development of the security situation is concerned, it is interesting to note that customers and experts differ in their opinions. Whereas a clear majority of 68% of the surveyed consumers expressed the opinion that online banking had become more secure in the last five years, the interviewed bank experts emphasized above all the threat from organized crime which has increased in recent years and will continue to increase.

Overall, the study shows that banking institutes will profit long-term in many ways from state-of-the-art security measures which can be communicated well to the customers and which are designed to be customer friendly. The challenge is still to be found in taking customers’ wishes into account so that secure products are offered which are honored by customer acceptance and create an added value for the banking institution.

__________________________________________________________________________  

Bibliography 

Deutsches Bundesamt für Sicherheit in der Informationstechnik, Lagebericht 2008, 2008, p. 24. 

Laura Georg, The Function of Corporate Security within Large Organisations – The Interrelationship between Information Security and Business Strategy, Université de Genève, Geneva, 2007, pp. 321 et seqq. 

Cologne Regional Court, Decision 9 S 195/07 of 05/12/2007, http://www.justiz.nrw.de/nrwe/lgs/koeln/lg_koeln/j2007/9_S_195_07urteil20071205.html, viewed on 06/03/2009.