Australian banks unsuccessfully urged corporate regulator ASIC to consider letting them impose security and device rules on customers who used online banking.
The proposals, which were rejected by ASIC, appeared in the regulator’s latest report as part of its long investigation into electronic payments. [pdf].
ASIC’s proposals included rewriting the electronic payments code to account for biometrics, modernizing some definitions, applying the code to national privacy principles, and applying the same rules to digital and paper receipts.
Rather than simply updating the code to account for biometrics, the banks called for “a more comprehensive modernization of the code,” the regulator wrote in its report.
While the report said respondents were generally supportive of adding biometrics to the code, some had reservations which included a “need to empower consumers to better protect their personal devices.”
According to the ASIC report, the banks wanted the ePayments code to address “how consumers can protect themselves when using personal electronic devices to make payments.”
Another thorny issue raised by banks was how to define the obligations that could cover a device such as a mobile phone, when its manufacturer is not subject to the electronic payments code.
Lost or hacked devices should also be considered in light of payment security when biometric authentication to services is involved, the banks argued.
Proposals to modernize the code included asking ASIC “to examine how consumers use their cellphones and other electronic devices and, for example, how this affects the security of virtual credit and debit cards in the case where the consumer’s personal electronic device would be compromised or lost.”
ASIC decided not to pursue any of these proposals, as it decided that a definition of biometrics – which sparked the discussion on device security – needed further work.
The regulator concluded that “further work is needed to ensure that the benefits of embedding biometric authentication in code are appropriately balanced against the implications arising from the use of this technology by consumers. “.
As iTnews reported yesterday, ASIC also faced resistance in the same code review from consumer groups to plans to exclude payments made to scammers from its definition of “erroneous internet payment”, which would limit consumer remedies.