A large chunk of cyber crime is possible thanks to lax security among bank customers, rather than within bank HQs. When individuals use outdated browsing software, fail to install proper antivirus protection, or use similar passwords for their online purchases and their financial affairs, it makes hacking that much easier.
Surely, then, it makes sense to encourage customers to address their own vulnerability. A combination of carrot and stick would work: an encouragement to upgrade, followed by a curtailment of access to bank services if the customer fails to change behaviour, perhaps even a financial penalty if a fraud occurs. This will be controversial, especially as banks’ reputations are still tarnished by the financial crisis and multiple scandals.
“Controversial”? Ya, think? While it is possible that customers contribute to their own vulnerability, I have yet to see it contribute in any significant way to bank vulnerability. I’m not sure that banks have the moral authority to push good cyber hygiene onto their customers. Perhaps banks should first focus on their own cyber hygiene and moral (ethical, legal, etc.) behaviors.