|
|
Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)
Full Contents
- 1. Executive Summary
- 2. Marketplace Developments
- 3. Growth in Online Fraud
- 4. Regulatory Developments
- 5. EFT Code, Part A (Scope and Interpretation)
- 6. EFT Code, Part A (Requirements)
- Q12 – Should the requirement in cl 3.1 to provide written notification in advance of an increase in a fee or charge be replaced by another process? For example, should the notice appear in the national or local media on the day on which the increase starts?
- Q13 – Should cl 4.1(a) be revised to allow users to ‘opt-in’ to receive a receipt?
- Q14 – Should cl 4.1(a) be revised to deal with the problem of ATMs or other machines running out of paper for receipts? If so, how should it be amended?
- Q15 – Should cl 4.1(b)(v) be changed to allow a receipt for an EFT transaction by voice communication to specify the merchant identification number instead of the name of the merchant to whom the payment was made?
- Q16 – Should the EFT Code give more guidance on cl 4.1(a)(viii) regarding balance disclosure on receipts? If so, what guidance should be added?
- Q17 – Is there duplication or inconsistency between Part A of the EFT Code and the requirements of the Corporations Act that should be reviewed? How should any such issues be dealt with?
- Q18 – Are there aspects of the product disclosure regime under the Corporations Act that should be adopted as part of the regulatory framework under Part A of the EFT Code?
- Q19 – Should cl 7 be revised to specifically require subscribing institutions to identify and correct discrepancies between amounts recorded on the user’s electronic equipment or access method as transferred, and amounts recorded by the institution as received? What are your views on the suggested redrafting?
- Q20 – Should the EFT Code include a definition of the term ‘complaint’ under cl 10? If so, should it adopt the definition in AS ISO 10002–2006? Does the standard sufficiently address uncertainty about what is a complaint for the purposes of the EFT Code? Are there any other steps that might be taken to assist stakeholders to understand what is meant by a complaint under the Code?
- Q21 – Should AS ISO 10002—2006 become the required standard for internal complaint handling under the EFT Code?
- Q22 – Should account institutions be given a brief period within which to investigate a complaint before they must give the complainant written advice on how they investigate and handle complaints (as required under cl 10.3)? If so, what is an appropriate period?
- Q23 – Should any changes be made to the timeframe for resolving complaints under cl 10 of the EFT Code?
- Q24 – Do you have information or views about the level of compliance with cl 10?
- Q25 – Has the procedure in cl 10.12 been an effective incentive to compliance? Are further incentives required, and if so what form should they take?
- Q26 – Should the EFT Code be amended to cover situations when the subscribing institution is unable to, or fails to, give the dispute resolution body a copy of the record within a certain time? If yes, should the Code specify that a dispute resolution body is entitled to resolve a factual issue to which a record relates on the basis of the evidence available to it?
- Q27 – Should there be a time after which EFT Code subscribers are no longer required to resolve complaints about EFT transactions on the basis set out in Part A of the Code?
- 7. EFT Code, Part A (Liability)
- Q28 – Should account holders be exposed to any additional liability under cl 5 for unauthorised transaction losses resulting from malicious software attacks on their electronic equipment if their equipment does not meet minimum security requirements? Do the benefits and costs of extending account holder liability justify such an extension of cl 5? What implementation issues would have to be addressed?
- Q29 – Should an additional example be included in cl 5.6(e) specifically referring to the situation when an account user acts with extreme carelessness in responding to a deceptive phishing attack?
- Q30 – Apart from this possible clarification, should account holders be exposed to any additional liability under cl 5 for unauthorised transaction losses because of a deception-based phishing attack? Do the benefits and costs of extending account holder liability justify such an extension? What implementation issues would have to be addressed?
- Q31 – To what extent has the restriction on using a user’s name or birth date under cl 5.6(d), been relied on?
- Q32 – Should the restriction on users acting ‘with extreme carelessness in failing to protect the security of all the codes’ under cl 5.6(e) be further elaborated or extended in some way? Should additional examples of extreme carelessness be given?
- Q33 – Should the EFT Code specifically address the situation when an unauthorised transaction occurs after a user inadvertently leaves their card in an ATM machine?
- Q34 – To what extent is unreasonable delay in notification of security breaches by account users currently an issue? Please provide on the frequency and cost of such delays, if possible. (You may wish to provide this information on a confidential basis.)
- Q35 – Should the circumstances when the account holder is liable on the basis of unreasonably delayed notification under cl 5.5(b) be extended to encompass unreasonable delay in notifying online security breaches of which the user becomes aware?
- Q36 – Should the standard of ‘unreasonably delaying notification’ under cl 5.5(b) be replaced by a specific time after which the account holder is liable? What would be an appropriate time, if such a change were introduced?
- Q37 – To what extent do subscribing institutions currently use the other ‘no fault’ liability provision in cl 5.5(c)?
- Q38 – Is there a case for increasing the current ‘no fault’ amount of $150? If so, on what basis and what should the new amount be?
- Q39 – Should subscribers prohibit in their merchant agreements the practice of taking customers’ PINs or other access codes as part of a ‘book up’ arrangement? If so, should this be subject to any exceptions; and, if it should, what should those exceptions be?
- Q40 – Should cl 6 be reformulated to clarify that the subscribing institution is liable for any failure resulting from equipment malfunction when they have agreed to accept instructions through that equipment?
- Q41 – To what extent, and how, should the Code address the issue of mistaken payments? Discuss the usefulness, practicality and cost of implementing some or all of the measures outlined, as well as any other measures you consider appropriate.
- 8. EFT Code, Part B (Scope and interpretation)
- 9. EFT Code, Part B (Obligations)
- 10. EFT Code, Part C (Privacy and electronic communications)
- 11. EFT Code, Part C (Administration and review)
- 12. Other issues from ASIC Consultation Paper
- 13. Additional Consumer Issues
- 14. Appendix 1 – Authentication Technologies
- 15. Appendix 2 – Resources
|
|
![[2018 Global Cloud Computing Readiness Scorecard]](/public/ssi/pubs/pub_1.png)
print this page
sitemap
rss news feed
manage email subscriptions
