Australia’s banks unsuccessfully urged corporate regulator ASIC to consider letting them impose security and device rules on customers that used online banking services.
The proposals, which were rejected by ASIC, emerged in the regulator’s latest report in its long-running inquiry into epayments [pdf].
ASIC’s proposals had included rewriting the ePayments code to accommodate biometrics, modernise some definitions, apply the code to the national privacy principles, and apply the same rules to digital and paper receipts.
Rather than merely updating the code to accommodate biometrics, the banks requested “a more fulsome modernisation of the code”, the regulator wrote in its report.
While the report said respondents generally supported adding biometrics into the code, some had reservations that included a “need to place some responsibility on consumers to better protect their personal devices”.
The banks, ASIC’s report said, wanted the ePayments code to address “how consumers can protect themselves when using personal electronic devices to make payments”.
Another thorny question raised by the banks was how to define the obligations that might cover a device such as a mobile phone, when its maker isn’t subject to the epayments code.
Lost or hacked devices should also be considered in light of payment security where biometric authentication to services is involved, the banks argued.
Proposals to modernise the code included asking ASIC "to consider how consumers use their mobile phones and other electronic devices and, for example, how this affects the security of virtual credit and debit cards in the event that the consumer’s personal electronic device is compromised or lost”.
ASIC decided not to proceed with any of these proposals, because it decided that a definition of biometrics - which triggered the discussion about device security - needed more thorough work.
The regulator concluded that “further work is needed to ensure that the benefits of accommodating biometric authentication within the code are balanced appropriately against implications stemming from consumers’ use of such technology.”
As iTnews reported yesterday, ASIC has also faced resistance in the same code review from consumer groups to plans to exclude payments made to scammers from its definition of ‘mistaken internet payment’, which would limit consumer avenues of recourse.
