User education for online banking customers on how to avoid phishing scams has been likened to nailing jelly to a wall as this form of commonsense defense has failed to work time and time again.

The failure of customers to secure their own monies for an Internet transaction, either by not using correct or up-to-date software, could potentially lead banks to pass off the responsibility of financial losses back to the customer.

Paul Henry, senior vice president of Secure Computing, said lots of financial organizations have done a great deal of customer education in response to phishing attacks.

But it has done very little, Henry said, because commonsense isn't applicable when dealing with phishers.

"Even if you manually enter a URL security is obsolete as phishers have created Trojan code that modifies the host file on Windows to automatically redirect," he said.

"Phishers can also attack a router and redirect information to a different server - user commonsense is no longer valid.

"It is amazing how many banks have servers compromised to host phishing sites.

"It is now more common to attack a network in a bank because it is the last place someone would look. Phishers need to eliminate the number of e-mails sent out to reduce the noise and just focus on, say, 100 e-mails directed towards employees of a bank.

"I think banks will be passing the costs of losses to phishing scams onto the customer in the next two years."

Henry said banks are reluctant to refund losses if an account is hijacked.

For example, he said a Bank of America customer had a PC compromised with a Trojan losing $90,000 from the account.

The funds were sent to a bank in an European country -- with $20,000 taken out immediately.

Although the theft is currently before U.S. courts, Henry said the Bank of America has adopted the attitude that a Trojan on your PC is "your problem".

"The defendant claims he was told to move to Internet banking by the bank and from the bank's perspective, Internet banking reduces the cost of transactions enhancing profits; if the court rules in the bank's favor then that is a bad precedent," Henry said.

David Bell, chief executive of the Australian Bankers' Association (ABA) said systems are in place to constantly monitor online transactions.

For more enterprise computing news, visit For more gaming news, visit GamePro. http://www.gamepro.com/ Story copyright GamePro Media."http://www.computerworld.com/">Computerworld. Story copyright Computerworld, Inc.