Throwing down the phishing gauntlet

Bruce Schneier, my favorite “old guard” data security pro, is telling the world that financial institutions should be responsible for financial fraud that occurs on their networks. Meaning, if you get phished, and your account is emptied, the bank should take care of the issue.

I agree, but…

Bruce knows that credit card companies already take the heat for fraud under their watch. You know that most fraud perpetrated on your account has a limit of liabillity (something like $50 in most cases). But the major credit card companies are much better at controlling risk. Complex statistical analysis tells them how much fraud will likely occur, and then they pass that “cost of operation” onto the consumer in the form of higher interest rates and fees.

Now if you pay your bills in full every month with no/low fee cards, then you don’t bear the burden of those extra costs. But each and every one of you is also using a no-fee checking account, with a free debit card and free check writing. If Bruce’s inclinations come to fruition, those accounts may be free no more.