The Met’s approach to cyber-fraud shows how out of touch it is

OPINION Our new Computing Editor, Michael Passingham, bemoans the out of date mentality of our police to cyber-crime.

The chief of the Met Police has suggested that victims of cybercrime shouldn’t be “rewarded” by their bank if they’ve been defrauded online. It’s yet another brilliant example of how detached the police still are from the realities of cyber-crime.

His comments were published in this morning’s edition of The Times (paywall), where he suggested that victims who had been defrauded shouldn’t be “rewarded for bad behaviour”.

To be clear, Hogan-Howe is referring to victims of fraud via hacking and malware, not the sort of online fraud where you, under your own steam, send money to a scammer. You wouldn’t get reimbursed for this unless your bank was feeling exceptionally generous.

He said: “If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour.”

He went on to say that banks should offer less reimbursement if it’s found that they’re running software that’s not up-to-date.

Notwithstanding that using the word ‘rewarded’ for a victim of a worrying, faceless crime, is misjudged, there are a lot of technical reasons why his suggestions would be bad news for consumers.

It’s unworkable.

Imagine your card details have been skimmed after you entered them in on an online store. This could have happened at your end via a keylogger or, if you were deeply unfortunate, the site in question might have stored payment information unencrypted on their servers, and were hacked.

Running up-to-date software makes absolutely no difference in this case, and it should be up to the bank’s own security to work out if payments being made on your card are suspicious or not. This is what we pay for with monthly account fees.

Your bank has such a vast amount of information about you they almost know what you’re going to buy before you do. That’s why they call you if you go on a shopping spree or end up in another country. If a bank’s fraud detection system fails in this increasingly threatening online world, this is something we as consumers have no control over. Putting blame on the end user is just ignoring the primary problem.

Let’s also remember that the police follow up fewer than 1% of online fraud cases, which might give some insight into why the Met is saying this. You have a better chance of recovering a stolen bicycle than getting the police to follow up on your online fraud case.

Yes, forcing consumers to focus on security would certainly make the job of cyber-crime harder, but with the estimated cost of cyber-crime pegged at £1bn a year it’s still a rather lucrative pursuit.

Related: Best Free Antivirus 2016

I’m all for banks encouraging you to secure your kit. Indeed, many of them offer downloads of software such as Rapport and have extended free trials of big-brand antivirus software, but coming back to the user and blaming – then punishing – them for something that could be avoided entirely with two- or three-factor authentication (which can be easily mandated) is madness.

You should be running antivirus, you should keep your PC up to date, but if you slip up, you shouldn’t have to worry that your bank’s own security systems are going to end up blaming you.