Read the fine print

Over the last few weeks, I have been doing something of an investigation into how terms and conditions could affect the people who agree to them. However, since no big legal case has come out concerning the terms, it has been a story that`s not really a story.

I have been looking specifically at banks` Internet banking terms and conditions and, while it`s no big scoop, there is definitely something there.

The reason I bring it up now, is because of a story published on ITWeb about a charity organisation that was scammed out of about R90 000 - a hefty sum to lose, especially when that money was supposed to go to needy kids.

These scams are increasingly ingenious and I often wonder why these guys are not honours graduates with innovative final year projects.

Internet banking has been a long-time security worry for both banks and users alike, but the banks came up with a brilliant solution: the one-time-password - a changing PIN that gets sent to your communication device of choice every time you log on.

But criminals have raised the bar and essentially attacked, what I believe is the weakest link, the mobile phone SIM cards. In a combination of identity theft and masterful manipulation, the fraudsters managed to access all the information needed to get into the account.

Which brings me to my point: who exactly is responsible for the now missing R90 000? At the moment, the parties involved are taking part in an entertaining finger-pointing session. Although I am sure both the service provider and the bank could easily cover it with capital reserves.

My guess is that everyone involved is in some way guilty, even if the crime was unpredictable. The account holder fell for a phishing scam and gave out her first bits of vital logon information, the cell provider allowed some stranger to swap out her SIM card, and the bank did not question that R90 000 was swiped out of the account in one go.

All things considered, it`s a bit of a balls-up, and the liability for the lost money is still hanging in the air. And it`s the liability at the end of the day that will make all the difference.

The banks have long lists of liability clauses somewhere in their terms and conditions, cunningly disguised in lawyer-speak. Some of the banks have even waived liability for problems in their own software, and while I haven`t got there yet, I am sure the cell providers have the same clauses.

In fact, the bank in question, in its terms and conditions, says it takes no responsibility for "any loss or damage with regard to your or any other data directly or indirectly caused by malfunction of our bank system, third-party systems, power failures, unlawful access to or theft of data, computer viruses or destructive code on the bank system or third-party systems; programming defects; negligence on our part or caused by the year 2000 computer problem." And don`t be fooled: all the banks have similar clauses.

These scams are increasingly ingenious and I often wonder why these guys are not honours graduates with innovative final year projects.

Candice Jones, journalist, ITWeb

New media lawyer Paul Jacobson says, while these conditions may or may not be held up in court, the possibility exists that any customer looking at online banking may have to pay for any and all losses they incur.

His biggest concern is that people are not reading the conditions, and not just those that belong to the banks, but any terms listed for any service.

But there are many things that stop people from reading them. Firstly, they are written in another language, so it may or may not be pointless to read them. And secondly, if you don`t agree, what then? It`s essentially a matter of "if you don`t like it, don`t agree and then don`t use the service".

However, Jacobson says there is hope. If people stand up as a group at the very least, we can get the conditions rewritten in English. At best, we can have them changed.

On the upside, the police seem to be getting their act together and have started what looks like an excellent set of programmes aimed to teach them how to deal with cyber crime.

For the time being, the charity, which lost 90 big ones, looks like it has a long road ahead. It will be really interesting to see who will take responsibility for the loss.