PollHow do you think Banks exchange information between themselves?
      – BorgClown, 2009-06-13 at 03:43:05   (11 comments)

On 2009-06-13 at 03:44:10, BorgClown wrote...
How secure do your financial transactions travel over the Internet?
On 2009-06-13 at 10:46:23, Thelevellers wrote...
You forgot the 'No Clue' option :P
On 2009-06-14 at 00:01:14, BorgClown wrote...
Dang, I always forget something
On 2009-06-15 at 18:44:08, DigitalBoss wrote...
Inter-bank data communication is done over dedicated lines.
On 2009-06-22 at 11:31:45, Lee J Haywood wrote...
You also missed out unsecured connections (but obviously not e-mail) which is also an obvious choice... It's fairly well known that many ATMs don't bother to protect the data they send very well. And I guess the same applies to banks - they rely on the fact that if you're not employed by them then you won't know how to hack them. It's likely that the standards are very old but vulnerable to those working in the telephone industry and ex-employees. But then, much like forging cheques, fraud is a criminal offence and saying that the bank wasn't secure enough isn't a defence.
On 2009-06-24 at 02:43:47, BorgClown wrote...
Well, you're both right. They use dedicated lines, but inside them it's all in the open. The preferred information exchange format is plain text. When something very new is being implemented, it's not rare for information to travel on zip files by email. Unencrypted. It's as if the unofficial motto was "Money first, then security".
On 2009-06-25 at 20:31:44, Lee J Haywood wrote...
I find it amazing to see banks using Microsoft Windows. It's bad enough that they use a proprietary OS in the first place, without picking the worst one possible.
On 2009-06-27 at 03:08:18, BorgClown wrote...
ATMs, PCs and small servers use Windows, but the big iron is really hardened. No stinky MS products on the minis or mainframes. Just Unix and up. OTOH, lots of confidential information sits on those Internet-enabled Windows machines.
On 2009-08-01 at 15:57:48, Scarletxstarlet wrote...
Carrier pigeons.
On 2009-08-02 at 02:16:25, BorgClown wrote...
This week, as part of our current project, arrived a guy with a CD full of hundreds of thousands of rows of client and credit data. Huge UTF-8 text files, all unencrypted. They tried to email it first, but the unencrypted zip file was too big. Bank-grade security!
On 2009-08-02 at 02:17:37, BorgClown wrote...
To be fair, nowadays we're transferring those files by SFTP, so the link is actually reasonably encrypted.