Eric Liu Longtao: Who should be responsible for security incidents in online banking?

If three years ago in China, using online banking was as fashionable as talking about the latest Hollywood blockbusters. Three years later, at least in the city, wearing slippers sitting at home, with a coffee in one hand, a small mouse to complete a transfer or stock trading, is becoming more and more common.

Easy, fast trading features are like a deadly temptation, contributing to the past few years of China's online banking customers like spring grass soaring. In 2006, China's online banking users have reached 71 million, including 70 million of their personal customers, the market consultancy estimates. This means that 20 of people are using online banking. If confined to urban areas, the above proportion is higher.

At the same time, although banks have continued to upgrade their network of silver, but the theft of net silver is still frequent, net silver security is becoming the network of users and potential customers of the main concerns. Behind the theft, it should be blamed for the bank's technical system does not pass, or the customer's own carelessness, or the absence of supervision, is becoming a matter of urgency to be clear.

Does the bank keep the public version?

At present, online banking generally distinguish between the public and Professional Edition. According to statistics, at present more than 90% of the cases occurred in the "popular version" of online banking. Liu Longtao, a market-consulting analyst, told reporters that apart from the difference in service content, the difference lies in the professional version of the digital certificate and U-Shield technology.

In his view, Professional edition is like a black box, personal information like the key to open the black box. There is one in the box. Other people have no other way of getting in unless they get the key from the client and open the box. "In the net silver technology, we can say is to connect with the world." ”

Liu Longtao to reporters, the current main problem is: Online Banking The safest line of defense (digital certificate) has not been popularized, the vast majority of users are still popular version of "card number + password" users. Digital certificate users Online banking is very unlikely to be stolen, even if it is stolen, the Third-party Digital certification authority is also clearly willing to assume liability.

Although the public version of the service content is limited, but the opening is relatively simple. In contrast, the professional version of the opening of the need for relatively cumbersome procedures, and a certain fee (such as the user to buy ICBC U Shield needs to spend 60-70 yuan). Therefore, the popular version can maximize the attraction of potential customers, in favor of the further promotion of net silver. But there is no denying that its security is indeed lower.

Reporters browsing the http://www.aliyun.com/zixun/aggregation/18993.html "> Bank website notes that for the use of digital certificates and USB keys, banks are generally only recommended, not a mandatory scheme. A net bank customer said to the reporter, he felt that since there is no mandatory application, the bank can guarantee their own capital security, but also on the digital certificate did not pay much attention.

Statistics show that China's current online banking users, digital certificate user under 5%. A lawyer told reporters that the lack of access to digital certificates was clearly not a personal issue. Banks should be blamed for the fact that if they do not have a digital certificate, their users ' online accounts and passwords may be stolen and still provide 95% of users with online payment services.

Customers do not develop good habits

Even so, most of the bank-fraud cases still stem from customers ' own failings. In fact, customers in the online world are likely to lose their personal data in many ways, or they may have been robbed, according to Liu Longtao, a market-consulting analyst, who has been able to transfer their account funds through net Bank.

For example, he said, for example, some customers were careless, registered their personal information materials on some false websites (phishing), opened some unknown e-mails, stolen personal information from the Trojan virus, and liked to use their birthdays as passwords and so on.

He also deliberately emphasized a number of non technical factors. For example, from some of the net silver cases have been found, there are no lack of acquaintances to do the case. "Acquaintances know best about your temperament, and in this regard, it is particularly important to protect personal information." "Liu Longtao said.

Customers should be responsible for their own bad habits, on the other hand, banks should also do their full obligation to prompt.

Absence of supervision

In addition to banks and customers, the security of net silver, in fact, reflects the absence of supervision. This is reflected in the lack of specific targeted regulations on online banking. For the network silver industry chain of various subjects, such as banks, network technology companies, financial certification bodies, customers and other lack of system of power and responsibility arrangements.

One person in the industry pointed out that this is actually related to the overall regulatory regime and regulatory level in our country. It is obviously a challenging task to find a balance between safeguarding security and promoting the development of internet banking in order to keep pace with the modern financial revolution.

In the case of these problems can not be solved by the system, the customer's net bank funds security problem, is still hanging in its head a Damocres sword.

Liu Longtao that the security of online banking can be summed up in the main issues of three levels:

The first is the user's security awareness and behavior habits issues. At present, the net silver safety accident happened in the market is mostly caused by the lack of the user's safety consciousness, and it is seldom due to the lack of net silver technology.

Next is the bank's propaganda education and the question of the clue. After all, online banking is a new thing, banks as the initiator and the promotion of online banking have the responsibility and obligation to the vast number of netizens to carry out security awareness education and publicity.

Finally, the government's regulatory problems. At present, there is no clear laws and regulations on the supervision of the security of the net Bank and the protection of the rights and interests of the Internet bank, and it is still vague and controversial that the responsibility and how to divide and define the responsibility of online banking in the event of security accident.

Shanghai Securities News reporter Xiaixiaodong--April 2 Report