Got phished? We’ll take responsibility.
AmitimA referred me to an interesting fact. Bank Hapoalim, the largest bank in Israel, has a warranty notice (Hebrew only) on their web site regarding Internet transactions.
Contrary to my (cynical?) expectations the warranty says as follows (apologies for the rough translation):
“This is to certify,
that bank Hapoalim provides you a warranty on money transfers out of your account, that were done over the Internet, maliciously, by a 3rd party that was not authorized to operate your account and has done so without your knowledge and without your consent, your approval or with you.
The bank hereby declares that it will credit your account in the identical sum of the amounts that were taken out of your account, within 28 days from the day you sign the event form…”
The only obligation is that you notify them within 28 days of the event, and that you give them reasonable help to assist them in investigating. There is no fine print, no disclaimers and no hidden catches as far as I can tell.
I know this is already the informal policy in the Internet-based banking world. It makes sense: Banks want to encourage people to use their Internet banking that is cheap to maintain and support and to do that they swallow online fraud and phishing as the cost of doing business. But this is the first time I’ve seen a bank step forward and declare this unequivocally.
It seems new to me – when I signed up to online banking with Bank Hapoalim a few years ago I signed a waiver that placed all responsibility on me and practically none on the bank.
Are there any other banks out there that have a similar official policy on their web site? I’m not asking about the de-facto policy which is obviously the same as above for most banks. I’m talking about putting a clear and simple notice that they take full responsibility for losses caused by phishing.
Has the online-banking world changed while I wasn’t looking? Go check your bank’s official warranty and post the result in the comments below.