APACS rejects House of Lords security recommendation

Top marks to the spin doctors at APACS, the UK's bank payments association, for quietly burying a piece of negative news on Christmas Eve last week.

APACS has turned around and rejected calls from the House of Lords Science and Technology Committee to publish details of UK banks' online security records.

As part of its investigation into online security, the Lords committee said that, because security is far from uniform across the UK banking industry, information showing which banks are the most secure should be made available to customers.

In his original request, Lord O'Neill of Clackmannan said: "There is an unevenness about the security considerations. Some measures seem to be over-complicated, others seem to be unduly simplistic."

"APACS may not have the authority to impose things, but it can surely expose the inadequacies of some of the people who bring discredit on the rest of the members?"

Aha, m'Lord, but you overlooked one small item, namely that the UK payments association is owned by the banks it seeks to control and administer.

A bit like expecting a schoolkid with a sweet tooth to administer the school tuck shop in a responsible manner...

In its press statement, APACS says that naming and shaming banks with poor online security measures would do little to address the root cause of the problem.

According to Colin Whittaker, APACS head of security, there is no evidence that one bank is any worse off or better than any others.

"The level of security they deploy is relatively equal," he said, adding that "trying to draw any judgement that this bank is stronger or weaker than another does not help us describe why that bank is attacked in the first place."

Whilst APACS wibbles and prevaricates, I'll let the figures speak for themselves: The number of phishing attacks in the UK has risen by around 8,000 per cent between January, 2005 and September, 2006.

Somewhat laughably, APACS claims that phishing attacks 'cost' the banks some 23.2 million quids during 2005.

And guess who ends up having to pay for the phishing?

Duh, the customers, silly...