International comparison of bank fraud reimbursement: Customer perceptions and contractual terms

Becker, Ingolf; Hutchings, A; Abu-Salma, Ruba; Anderson, Ross; Bohm, Nicholas; Murdoch, Steven; Sasse, Angela; Stringhini, Gianluca

View / Open Files

Published version (PDF, 356Kb)

Authors

Becker, Ingolf

Hutchings, A

Abu-Salma, Ruba

Anderson, Ross

Bohm, Nicholas

Murdoch, Steven

Sasse, Angela

Publication Date

2018-06-01

Journal Title

Journal of Cybersecurity

ISSN

2057-2085

Publisher

Oxford University Press

Volume

Issue

Pages

109-125

Type

Article

This Version

VoR

Previous Version(s)

https://www.repository.cam.ac.uk/handle/1810/277174

Metadata

Show full item record

Citation

Becker, I., Hutchings, A., Abu-Salma, R., Anderson, R., Bohm, N., Murdoch, S., Sasse, A., & et al. (2018). International comparison of bank fraud reimbursement: Customer perceptions and contractual terms. Journal of Cybersecurity, 3 (2), 109-125. https://doi.org/10.1093/cybsec/tyx011

Abstract

We set out to investigate how customers comprehend bank terms and conditions (T&Cs). If T&Cs are incomprehensible, then it is unreasonable to expect customers to comply with them. An expert analysis of 30 bank contracts across 25 countries found that in most cases the contract terms were too vague to be understood; in some cases they differ by product type, and advice can even be contradictory. While many banks allow customers to write PINs down as long as they are disguised and not kept with the card, 20% of banks do not allow PINs to be written down at all, and a handful do not allow PINs to be shared between accounts. We test our findings on 151 participants in Germany, the US and UK. They mostly agree: only 35% fully understand the T&Cs, and 28% find that sections are unclear. There are strong regional variations: Germans find their T&Cs particularly hard to understand, but Americans assume harsher T&Cs than they actually are, and tend to be reassured when they actually read them.

Sponsorship

This work was supported by The Royal Society [grant number UF110392] to SJM; the Engineering and Physical Sciences Research Council [grant number EP/G037264/1] to IB; the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific [contract number N66001-13-C-0131] to AH.

Funder references

Engineering and Physical Sciences Research Council (EP/M020320/1)

Identifiers

External DOI: https://doi.org/10.1093/cybsec/tyx011

This record's URL: https://www.repository.cam.ac.uk/handle/1810/279983

Rights

Attribution 4.0 International

Licence URL: http://creativecommons.org/licenses/by/4.0/

Statistics

Total file downloads (since January 2020). For more information on metrics see the IRUS guide.

The following licence files are associated with this item:

Creative Commons

Except where otherwise noted, this item's licence is described as Attribution 4.0 International