Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)
Q32 – Should the restriction on users acting ‘with extreme carelessness in failing to protect the security of all the codes’ under cl 5.6(e) be further elaborated or extended in some way? Should additional examples of extreme carelessness be given?
The term ‘extreme carelessness’ was considered necessary in the last Code Review because the drafters could not possibly anticipate all of the potential attacks and vulnerabilities in relation to access codes. It is a useful catch-all term that allows other parts of the Code to remain technology neutral. The Clause has overall merit and should be retained.
Reliance on this Clause is limited in practice.
The addition of examples, however, is more problematic. Typically, the example scenarios need to be debated amongst stakeholders to ensure there is common agreement about when liability might shift due to extreme carelessness. Great care is required in the drafting of such examples.
A suggested approach to improving Clause 5.6(e) is:
- Retain the ‘extreme carelessness’ term in Clause 5.6(e);
- Consider extending the scope of the Clause to include protecting the security of devices in line with the proposed Technology Neutrality Review; and
- Remove or limit the examples provided to scenarios which have clear agreement amongst stakeholders (this is a task for the Working Group).