We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Banking web site insecurities

Options
2»

Comments

  • takman
    takman Posts: 3,876 Forumite
    1,000 Posts Combo Breaker
    OldWilliam wrote: »
    I'll see your qualifications, and raise them with an Honours degree in pure Computer Science and a certificate from the (now defunct) National Specialist Law Enforcement Centre at Wyboston Lakes during a two-year secondment to a central government organisation.

    If you had not been so foolish as to enter into debate on a public forum without actually reading about the issue in question - despite having been given a fairly hard "nudge" that you ought to - you would now understand that the issue is not your knowledge, nor mine, but the (lack of) knowledge of the "average" (whatever that means) Internet user and what can, and should, be done by those who do understand security to minimise the risks for everyone using engineering so as not to rely on the knowledge of users. I won't set out here the details of what NatWest have decided to do, after initially refusing, because you appear to be a big grown up Internet user who does actually know how to use a browser - notwithstanding the fact that your personality defect drives you to leap into action without bothering to research what the relevant issues are.



    Yes. And if the destination page redirects you back to a Santander page, whether that landing page is secured or not, most users won't even know that they have even been redirected. I won't explain why that is directly relevant to information security because, from your posts, you are presently undertaking penetration testing without any appreciation whatsoever of the fundamentals of information security, or of the standards that a respectable financial services provider ought to observe, whether or not their practices are "outed" in the public domain.

    At least NatWest understood at a very late stage the consequences of trying to defend its position when being publicly criticised, and did a U-turn. But then, you don't need to read about why they did so, do you? :rotfl:

    [Hint: not all Internet users have degrees in Information Security]

    What a load of rubbish you started the post by saying how qualified you were and then wrote far to many words to simply say banks should make everything secure because that's what people want to see!.

    It doesn't matter what the general public think the banks should do to secure their websites. If it's not a security issue then it would be a waste of time and resources to change it.
    GraceCourt wrote: »
    Needless to say, I decided against opening a new savings account with them and invested our money with Tesco Bank instead.

    So you have moved your money to Tesco Bank which was recently hacked and money taken from thousands of people accounts because your worried about security at Santander :rotfl:
    GraceCourt wrote: »
    NatWest has folded to the pressure from security experts about this sort of sloppy behaviour but it seems Santander can't be bothered to take every care with their on-line security. We shall see if they, too, can withstand the heat of publicity once this becomes more widely known and understood.

    Let's hope that you now understand how it's not an issue.
  • RG2015
    RG2015 Posts: 6,048 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    Aagh!

    The world is about to end!

    The world is not about to end!

    It is!

    It isn't!

    Is!

    Isn't

    Aagh!
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    edited 18 December 2017 at 10:42AM
    OldWilliam wrote: »
    <Talking lots without saying anything>


    School's out is it ?


    At least you made me chuckle - thanks for that :)
  • agrinnall
    agrinnall Posts: 23,344 Forumite
    10,000 Posts Combo Breaker
    OldWilliam wrote: »
    I'll see your qualifications, and raise them with blah, blah, blah...

    In the almost 6 years that you've been a member of the forum you have used your amazing qualifactions and vast brain to make a grand total 4 (count them!) posts. I've no idea whether any of them were of any help but I do know that AndyPix regularly posts things that are of great help to many people, so I know who I will place greater reliance on. Track record beats self-proclaimed expertise any time.
  • System
    System Posts: 178,341 Community Admin
    10,000 Posts Photogenic Name Dropper
    GraceCourt wrote: »
    Forum readers will have seen the breaking story this evening about the u-turn by NatWest over the issue of insecure (HTTP) links on its on-line banking web site, and in view of this it's worth pointing out a similar - but worse - issue relating to Santander.

    When a Santander customer has passed the usual security checks and is logged-in to their on-line banking account, on most pages they will see a vertical list on the right-hand menu offering links for making an application for a variety of financial products - new current account, new savings account, new loan application, etc., etc.

    But not only are these HTTP links, they don't even link to Santander's own domain - they all lead directly to doubleclick.net, which is an information aggregator owned by Google! The official answer from Santander, cleared for publication by their Press office, is as follows:

    Doubleclick click trackers are used within our Online Banking ‘Apply Now’ menu to measure the number of clicks each of the products generates so that we understand the popularity of those offers and to enable the destination of those links to be amended if required without an IT release to the Online Banking platform.

    The use of click trackers in this fashion does not generate data into the Google Doubleclick ecosystem that would allow another company to target a consumer with advertising on the basis of knowing they had been to a Santander website. Nor does it allow Google to collect any personal, non-anonymised information about any Santander customer who clicks on any of the links.

    Needless to say, I decided against opening a new savings account with them and invested our money with Tesco Bank instead. NatWest has folded to the pressure from security experts about this sort of sloppy behaviour but it seems Santander can't be bothered to take every care with their on-line security. We shall see if they, too, can withstand the heat of publicity once this becomes more widely known and understood.

    There is always someone somewhere prodding the security systems of companies which I commend and if the company feel it’s an issue they will fix it. However what I’m not going to do is jump companies every time a news story breaks of a potential security flaw.

    I take responsibility for my bank account and credit score and know what goes in and out of my account. The proof is in the pudding as they say and been with Santander/Abbey since 2001 with no issues so not about to put on the tin foil hat right now :rotfl:
    This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.7K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture