Banking security. | General comparisons | Discussion forum

Banking security.
February 4, 2017
3:21 pm
mmlt
Member
Members
Forum Posts: 168
Member Since:
February 4, 2017

Hi all. Nice to find this forum. I've been looking around a bit and lots of info to digest.
I've been looking around for deals on GICs and savings accounts. Cannex.com has been very helpful.

I see some decent deals from little unknown (to me) credit unions. My first chore was to test site security at ssllabs.com. Results were mixed on the few I checked.

Hubert was the first to draw my interest. Yesterday they got a poor ssl report. I emailed them about it. Never heard back. Today they are receiving an A.
Alterna rated an A today but will be downgraded to C this month if updates are not applied.
Peoples Trust was a strange one. They do not implement ssl throughout the site. I had trouble running the ssllabs test. I did manage to run the test on their login address and it reported an A.
Hubert, Outlook Financial, and Steinbach Credit Union reported solid A.
Oaken and Achieva got B.

That's as far as I got. One needs to know the online bank they deal with is secure. Good idea to run your own tests at ssllabs.com. A+ is a possible score but I've rarely run across it.

February 5, 2017
1:16 am
Loonie
Member
Members
Forum Posts: 9384
Member Since:
October 21, 2013

I must admit that I know nothing about this, and don't really know what you are reporting on.
But why would ratings change so frequently and substantially?

February 5, 2017
6:10 am
JenE
Member
Members
Forum Posts: 417
Member Since:
May 24, 2016

I'd be interested in learning about this too.

February 5, 2017
7:39 am
ertyu
Member
Members
Forum Posts: 137
Member Since:
January 4, 2015

Like all software products, there are constantly new flaws discovered. TLS/SSL is no exception. Today it can be very difficult to perfectly configure website security; a small change can have a large effect. And tomorrow a new flaw might be discovered that requires another change. Keeping on top of this can be very difficult. ssllabs.com has done wonders to increase awareness, keep track of flaws and weaknesses and point people in the right direction to improving security. Keep in mind that a lower score does not mean a site is insecure. There are often very valid reasons for TLS configurations that produce lower scores, such as supporting an older web browser that many people still use.

February 5, 2017
9:42 am
Norman1
Member
Members
Forum Posts: 7138
Member Since:
April 6, 2013

Also, some of the vulnerabilities tested for don't really apply to online banking.

The example of Alterna Bank rated A now and C in a month is because their site allows triple DES encryption, a cipher that has a 64-bit block size. That makes their site hypothetically vulnerable to a Sweet32 attack.

However, Sweet32 attack requires about 785 GB of traffic in one single session. That much data over a high-speed 10 MBit/sec Internet connection would take at least 7½ days to transfer!

To be vulnerable, someone would have to sign into online banking, stay signed into the same session for at least 7½ days, and have downloaded the equivalent of 190 DVD movies worth of data in that same session.
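
The block-size arithmetic behind the Sweet32 point in the post above, as an added example that is not part of the thread: it flags 64-bit block ciphers in a list of cipher suite names and applies the standard birthday estimate to a given data volume under one key. The function names and the suite list are constructed for illustration.

```python
import math

# Bulk-cipher markers in OpenSSL- or IANA-style suite names, with block size
# in bits. "DES" also matches 3DES names (DES-CBC3, 3DES_EDE).
BLOCK_BITS = (("DES", 64), ("IDEA", 64), ("RC2", 64),
              ("AES", 128), ("CAMELLIA", 128), ("SEED", 128), ("ARIA", 128))

def block_bits(suite):
    """Block size of the suite's bulk cipher, or None for stream ciphers."""
    name = suite.upper()
    for marker, bits in BLOCK_BITS:
        if marker in name:
            return bits
    return None  # e.g. CHACHA20 or RC4: no block-collision bound applies

def expected_collisions(bits, data_bytes):
    """Birthday estimate of repeated ciphertext blocks under one key."""
    blocks = data_bytes / (bits // 8)
    return blocks * (blocks - 1) / 2 ** (bits + 1)

def max_bytes_for_risk(bits, risk):
    """Data volume under one key that keeps P(any collision) below `risk`."""
    blocks = math.sqrt(2 ** (bits + 1) * -math.log1p(-risk))
    return blocks * (bits // 8)

def audit(suites, data_bytes):
    """Map each suite to (block size, expected collisions at that volume)."""
    report = {}
    for s in suites:
        bits = block_bits(s)
        coll = None if bits is None else expected_collisions(bits, data_bytes)
        report[s] = (bits, coll)
    return report

# Constructed sample of suite names (not taken from any real scan).
SAMPLE_SUITES = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-DES-CBC3-SHA",
                 "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-CHACHA20-POLY1305"]
SESSION_BYTES = 785e9  # the single-session figure quoted in the post

if __name__ == "__main__":
    for suite, (bits, coll) in audit(SAMPLE_SUITES, SESSION_BYTES).items():
        detail = "stream cipher" if bits is None else f"{bits}-bit, ~{coll:.3g} collisions"
        print(f"{suite:32} {detail}")
    limit = max_bytes_for_risk(64, 1e-6)
    print(f"64-bit block: rekey before {limit / 1e6:.1f} MB for a 1e-6 collision risk")
```

At that volume a 64-bit block cipher is expected to repeat a few hundred ciphertext blocks under one key while a 128-bit one effectively never does, which is why capping data or lifetime per session key neutralises the issue even where 3DES is still offered.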

February 5, 2017
1:57 pm
mmlt
Member
Members
Forum Posts: 168
Member Since:
February 4, 2017

Good info Norman1 and ertyu. Thanks.

I'm not up on the technical end of things by any means. All I have to go on is the score posted. At one time, I thought the padlock or https was good enough but it's more complex than that.
I would also like to see banks, credit unions, etc. use 2FA.
I have been using a pay-for VPN service in recent years and that has proven well worth the money.

February 5, 2017
7:33 pm
Loonie
Member
Members
Forum Posts: 9384
Member Since:
October 21, 2013

So, is there any advice for those of us who don't have a clue?

February 6, 2017
12:41 pm
mmlt
Member
Members
Forum Posts: 168
Member Since:
February 4, 2017

Loonie said
So, is there any advice for those of us who don't have a clue?  

You should check the websites you deal with for security. Use an up-to-date browser.
Go to ssllabs.com. Copy the address of the site you want to check to their input box. The test will run. It may take a few minutes. Your email service is a good one to check first. Most return an A and rarely an A+.

You want to make sure your private data is secure.

February 6, 2017
8:25 pm
Loonie
Member
Members
Forum Posts: 9384
Member Since:
October 21, 2013

Thanks.
But then, you are also saying that these ratings may change often and I may not know what that means? How do I deal with the results of my inquiry?

February 7, 2017
6:17 pm
mmlt
Member
Members
Forum Posts: 168
Member Since:
February 4, 2017

The ratings should not change if the tech department of said business keeps up with upgrades. My general rule is A is safe. Anything less is not acceptable to me. Good idea to run these tests occasionally for your own protection.

I'm not savvy enough to make sense of the technical aspects regarding ssl.

April 2, 2017
10:49 am
Sonz
Member
Members
Forum Posts: 18
Member Since:
March 19, 2017

To be clear, mmlt, do you go to this site:
https://www.trustworthyinternet.org/ssl-pulse/
Then enter the web address from the online banking page?

HERE ARE SOME RATINGS.....

PEOPLES TRUST: A
https://www6.memberdirect.net/brand/bc_peoplestrust/OnlineBanking/Accounts/

OUTLOOK FINANCIAL: A
https://www6.memberdirect.net/brand/celero_outlook/OnlineBanking/Accounts/

Both Peoples and Outlook use the same outsourced online banking solutions provider called Member Direct. That is why the online experience appears very similar… https://www.central1.com/digital-payments/direct-banking-solutions

IMPLICITY: A
https://www.implicity.ca/OnlineBanking/

HUBERT: A
https://secure.happysavings.ca

ACHIEVA: B
online.cambrian.mb.ca

OAKEN: B
https://online.oaken.com/cb/pages/jsp-ns/login-cons.jsp

ROYAL BANK: Domain name is too large (param d) - GOT THIS ERROR MESSAGE
https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH&_ga=1.25809848.403504681.1491154207

SCOTIABANK: A-
https://www2.scotiaonline.scotiabank.com/online/authentication/authentication.bns

TD CANADA TRUST: A
https://easyweb.td.com/waw/idp/login.htm?execution=e1s1

April 2, 2017
12:03 pm
Sonz
Member
Members
Forum Posts: 18
Member Since:
March 19, 2017

I'm going to open an account with Alterna one of these days... they are rated A today and C in the near future... I suppose the threat of hacking has become so pervasive the IT geniuses have to build a virtual Fort Knox daily.

https://blog.qualys.com/ssllabs/2017/01/18/ssl-labs-grading-changes-january-2017

Interesting article on credit unions getting in the banking (CDIC insured) game... http://www.theglobeandmail.com.....e32587351/

April 20, 2017
10:07 am
mmlt
Member
Members
Forum Posts: 168
Member Since:
February 4, 2017

Thanks for sharing Sonz.
