[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bank transactions on Internet
Suddenly some banks here in Estonia have decided that they must start
offering banking services over Internet already during the next months.
What worries me is that some of them are talking about using 40-bit SSL as
the main security mechanism.
What about banks in US and Europe, how many of them are using Internet and
WWW to offer their services already? Is it possible to use WWW forms to
make real transactions or can you just view your transaction history and
account status? In case the banks are using WWW forms and SSL, are the
services limited to 128-bit clients?
How is the client authentication handled? Does the client just get a plain
username and password?
I had a look at some banks like Security First National Bank and some
others, and it seems that they use just SSL + username/password for they
banking services. Does this really work, especially with 40-bit keys?
SSL with client certificates would seem a little bit more secure once it
is available, but still not secure enough for real banking on Internet.
Just curious (and confused),
Juri Kaljundi
[email protected]