Lords push Government on web security

The Government is not doing enough to protect people from crime online, a House of Lords committee report said today.

It calls for legislation to hold banks responsible for losses from e-fraud and to allow people to report it directly to police rather than going through their banks.

It also recommends a law to force organisations to report all security breaches, such as the loss of customer details.

The same recommendations were made in a report last year on Personal Internet Security by a Science and Technology sub-committee, members of which later complained that the Government had taken no notice. The report today is described as a 'follow up'.

The committee was told that banks often refuse refunds in which a PIN or password is used, on the grounds that the customer must have been negligent or complicit.

By coincidence this issue cropped up today following news that criminals got more than $2m from Citibank in the US by obtaining details from automatic cash machines.

It remains unclear how this was done, though hackers seem to have obtained the details from the banking infrastructure rather than the machines themselves.

Dr Klaus Gheri, chief technology officer at secure networking specialist Phion, says there can be a weak point between the ATM and its linked servers if banks do not encrypt the data.

Online payment firm Paypal UK issued a statement backing today's Lords report. It said: "The current reporting procedure for online fraud is unsatisfactory and risks undermining public trust in the internet. It is encouraging that the Government has agreed to reflect further on this matter."

The statement added: "Cybercrime and phishing is the biggest threat to the continued development of the online economy."