Metropolitan Police chief Sir Bernard Hogan-Howe said that the system “rewards” the public for being lax about internet security.
He said a rethink might alter behaviour over passwords and security software.
Consumer group Which? said the burden of protection should lie with banks.
“With online fraud increasing, this is an astonishingly misjudged proposal from the Met Police Commissioner,” said Which? executive director Richard Lloyd.
“When we investigated last year, we found too often that banks were dragging their feet when dealing with fraud. The priority should be for banks to better protect their customers, rather than trying to shift blame on to the victims of fraud.”
Losses due to internet banking fraud in the UK rose by 64% in 2015 compared with a year earlier, to £133.5m.
Customers who become the victims of online fraud can expect to receive a full refund on any losses from their bank or card supplier, unless they have been “grossly negligent”.
In relation to these refunds, Sir Bernard told the Times: “If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour.
“The system is not incentivising you to protect yourself. If someone said to you, ‘If you’ve not updated your software I will give you half back’, you would do it.”
The comments were also criticised by Saga, which offers services for older people.
“Blaming the victims of crime is no way for anyone to behave let alone the Metropolitan Police Commissioner. Keeping up with scams is almost a full-time job,” said Paul Green, of Saga.
“Society expects the banks and the police to be able to keep us safe from this type of crime – if they’re unable to keep up with the ever sophisticated nature of this fraud, what chance do the rest of us have.
“This is a particular problem for older people that could result in them feeling digitally isolated for fear of becoming a victim and then being blamed by those who they expect to protect them.”
Lucy Hastings, director at the independent charity Victim Support, said: “We know from our experience of reaching out to thousands of fraud victims every year that many never come forward because they feel ashamed or embarrassed that they have fallen victim to fraud.
“Unfortunately, these comments only serve to reinforce these perceptions and may further discourage people from seeking help.”
The Met said that the commissioner’s comments were not about blaming victims. Sir Bernard argued that banks needed to consider investing more in their security systems.
“My argument is to at least consider design. Car designers decided 20 years ago to make cars harder to steal and it worked for a long time,” he said.
What can you do to protect yourself?
- Ensure you have the most up-to-date security software installed on your computer, including anti-virus. Some banks offer free security software; details are on their websites
- Browsers often come with security features built in. Make sure they are activated
- Only shop on secure websites. Before entering card details ensure that the locked padlock or unbroken key symbol is showing in your browser
- Create strong passwords and use different ones for different accounts. For a secure password, use three words or more and include a symbol and use upper and lower case letters and numbers
- Do not keep a note of passwords where they could be lost or stolen, such as in your wallet or next to your personal device
Source: Financial Fraud Action
There are various types of personal financial fraud, ranging from cloning of debit and credit cards to scams which trick people into believing their bank account has been compromised and encouraging them to move funds into a fraudster’s account.
In October, banking giant RBS revealed that 70% of its customers who fell victim to a scam did not get a single penny back. Almost 5,000 of the bank’s customers fell victim to various scams in the first nine months of last year – at a total cost of more than £25m.
The average cost of falling for a scam had risen by 40% since 2014, to more than £13,000, the bank said. Many victims had agreed to transfer money to a fraudster so did not seek, or were not given, a refund.
A spokesman for Financial Fraud Action UK said: “There are strong legal protections in place for consumers against unauthorised transactions on their bank card or account. The ongoing priority for banks is supporting customers to spot the warning signs of fraud and avoid becoming a victim.”
He said that banks stopped 70% of fraud attempts, so criminals were now targeting consumers directly.
“Fraudsters are using deception and impersonation scams to trick people into giving away their personal or financial details. This can also include tricking victims into transferring money directly to the fraudster, meaning they do not always have the same legal protection and may not get a refund.”
Police will include cybercrime estimates in official crime statistics for the first time in July.