[Quote:]

Banks in New Zealand are seeking access to customer PCs used for online banking transactions to verify whether they have enough security protection.

Under the terms of a new banking Code of Practice, banks may request access in the event of a disputed transaction to see if security protection in is place and up to date.

The code, issued by the Bankers’ Association last week after lengthy drafting and consultation, now has a new section dealing with Internet banking.

Liability for any loss resulting from unauthorized Internet banking transactions rests with the customer if they have “used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and antispam software on [the] computer, are up-to-date.”

The code also adds: “We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your secure information in accordance with this code.

“If you refuse our request for access then we may refuse your claim.”

Whatever happened to the word “subpoena”? The banks can already get access, if they manage to convince a judge they need it. These new rules are only there to make it easier to deny any claim and force the customer to sue instead.

So, if they’re allowed to inspect my computer, may I inspect their server? No? I probably know better how to secure such a server than they know how to secure my Mac.