RT Article
T1 International comparison of bank fraud reimbursement: customer perceptions and contractual terms
JF Journal of Cybersecurity
A1 Abu-Salma, Ruba
A2 Stringhini, Gianluca
A2 Sasse, M Angela
A2 Murdoch, Steven J
A2 Hutchings, Alice
A2 Bohm, Nicholas
A2 Becker, Ingolf
A2 Anderson, Ross
LA English
YR 2016
UL https://krimdok.uni-tuebingen.de/Record/1866143972
AB The study presented in this article investigated to what extent bank customers understand the terms and conditions (T&Cs) they have signed up to. If many customers are not able to understand T&Cs and the behaviours they are expected to comply with, they risk not being compensated when their accounts are breached. An expert analysis of 30 bank contracts across 25 countries found that most contract terms were too vague for customers to infer required behaviour. In some cases the rules vary for different products, meaning the advice can be contradictory at worst. While many banks allow customers to write Personal identification numbers (PINs) down (as long as they are disguised and not kept with the card), 20% of banks categorically forbid writing PINs down, and a handful stipulate that the customer have a unique PIN for each account. We tested our findings in a survey with 151 participants in Germany, the USA and UK. They mostly agree: only 35% fully understand the T&Cs, and 28% find important sections are unclear. There are strong regional variations: Germans found their T&Cs particularly hard to understand, and USA bank customers assumed some of their behaviours contravened the T&Cs, but were reassured when they actually read them
DO 10.1093/cybsec/tyx011