Online fraud victims who do not take appropriate security steps to protect themselves should not be refunded by banks, according to Britain's most senior police officer.
In an interview with The Times, Metropolitan Police Commissioner Sir Bernard Hogan-Howe, said online fraud refunds reward bad behaviour and that as an incentive to combat this, perhaps those who do not protect themselves with the appropriate security software should not get their cash back. See how to protect yourself online in our 30 Ways to Stop Scams guide.
Sir Bernard said people are not incentivised to protect themselves currently.
He told The Times: "If someone were to say, 'look if you've not updated your software, I'll give you half back', you would do it.
"Personally, on my system I've got a propriety security software and I got an update a few months ago and it sat there for months, I didn't quite get round to it.
"I don't suppose I'm much different to anyone else but I guarantee if someone said to me 'if your card is done or something happens online I'll give you nothing back', you'd change your behaviour.
"You can incentivise people to protect themselves. My broad point is that if you are continually rewarded for bad behaviour you will probably continue to do it. But if the obverse is true you might consider changing your behaviour."
'Banks should protect the public'
Responding to Sir Bernard's comments, MoneySavingExpert.com founder Martin Lewis says: "Banks are no longer purely private companies. We bailed them out and they are too big to fail, so they do and should have a public protection remit.
"Computer fraud is complex and banks have a responsibility to help protect the public against it. There used to be a negligence rule that said if the public were negligent, they should have to pay for fraud – eg, not having antivirus software.
"So Bernard Hogan-Howe seems to want to rekindle that. I have some sympathy with his view but think he has set the hurdle of negligence far too low. There are many people not capable of being culpable, such as those with mental health issues, mental capacity issues or simply older people who are not IT-literate.
"If people are capable, it should only be when they show true negligence that they may have to shell out – for example, someone twice defrauded being told to get antivirus protection, but where they've not bothered, solely as they think they’re not liable, and are then defrauded a third time.
"But only in these extreme cases should this ever be considered. And it should not be up to the banks to decide. The general rule should be the banks should protect the public."
Additional reporting by the Press Association.