Wearable computing, such as a watch with mobile apps, is generally considered the next big thing. Quietly, vehicle internet integration is right behind and may well be as big in my view. I am a fan of German cars, and have enjoyed GPS and stolen car location for some time.
However, the internet smart car revolution is growing very rapidly and it's not just German cars anymore.
This from Honda is very cool. Obvious advantages are music and maps. Think of your iTunes Match being readily available on the car screen.
… and the second is the next-generation of its HondaLink app platform that mirrors apps from your smartphone to the display and in-car audio system.
The tools and platforms available today are expanding rapidly. So rapidly that it is very hard to keep up. All the more reason that banks, at least all big banks, should have innovation centres that are solely focussed on pushing the envelope with this stuff. We need to understand what this means and where the opportunities lie for transactional banking.
This geeky article basically says that Google will produce Microsoft Office type functionality in an app that will work on your mobile device or your laptop. The inference being that the files are stored in the cloud and are accessible anywhere from any device without purchased software.
We are getting further and further away from the concept of packaged software and hard drives.
RBS suffered another crash of their computer systems, resulting in customers having no access to debit and credit card systems on Monday. They are the only bank I am aware of that has its own Wikipedia page devoted to its system problems.
This latest crash was similar to June 2012 when millions were left without access to their money.
The IT glitch – the bank’s fourth in two years – left millions of customers of RBS and its NatWest and Ulster bank subsidiaries unable to use credit and debit cards for three hours on Monday evening. Websites and smartphone apps were also affected.
I re-watched Inside Job last night. It's a brilliant documentary on the 2008 banking crisis, and recommended watching for anyone interested at all in just how bad the situation was that culminated on September 15th, 2008.
So it was somewhat ironic, for me at least, that this morning the Economist Intelligence Unit came out with this new report. As is usual with EIU there is lots of empirical evidence and this statistic leapt off the page at me. More than half of bankers feel ethics get in the way of career progression. This statistic alone suggests that bank leaders, whose attitudes I believe drive culture, have much to learn.
…but executives struggle to see the benefits of greater adherence to ethical standards.
While respondents admit that an improvement in employees’ ethical conduct would improve their firm’s resilience to unexpected and dramatic risk, 53% think that career progression at their firm would be difficult without being flexible on ethical standards.
The same proportion thinks their firm would be less competitive as a consequence of being too rigid in this area.
I stand corrected. My post on the Google upgrade to their browser security was incomplete and the title was wrong. I appreciate the clearly written comment from @powdernine, who answered a question I had, and that answer frames the difference between the number of bits in the public key certificate and the number of bits used in the encryption.
Bottom line is that Google now uses 128 bit encryption for Gmail, for example, and that is similar to most online banking, with only a few going to 256 bit encryption.
Here is @powdernine's comment.
I’m sorry but this post is incorrect. You are confusing the public key length of the certificate with the key length used by the cipher suite. All of the sites you mention have 2048 bit public keys on their certificates and use either 128 or 256 bit encryption. Google is replacing older 1024 bit certificates with 2048 ones. They were behind the times in that respect, but they still use 128 or 256 bit encryption like everyone else. Just go to the sites, click the little lock in the address bar and look at what it tells you. The one thing many financials don’t do is use Forward Secrecy, which the Google post mentions. Forward Secrecy has only just started to gain popularity after the NSA information came out so not all financials have implemented yet.
I did a bit more research and self-education. RBC use an RSA public key with 2048 bits and encrypt at 128 bit. So we are clear on that now. Email is not more secure at least in terms of encryption. They are equal there.
However, @powdernine notes the other point in the Google post regarding ‘forward secrecy’, which banks have not yet enabled. In fact, by coincidence, even Twitter enabled forward secrecy today. Essentially this means, as Twitter explains:
If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.
Encryption and security is a fascinating area, and I am glad I have learned a bit more today.
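An added example, not part of the original post or of @powdernine's comment: a short Python sketch that keeps the three properties discussed above apart, namely the certificate's public key length, the symmetric key length of the negotiated cipher suite, and whether the key exchange gives forward secrecy. The function names, the site labels and the sample observations are constructed for illustration; the suite strings follow OpenSSL naming, and the 2048-bit threshold assumes an RSA certificate.

```python
import re

# Key exchanges that use ephemeral keys and therefore give forward secrecy.
EPHEMERAL_KX = {"ECDHE", "DHE"}
# Bulk ciphers whose key length is not spelled out in the suite name.
FIXED_BITS = {"CHACHA20": 256, "RC4": 128}

def symmetric_bits(cipher):
    """Key length in bits of the bulk cipher in an OpenSSL-style suite name."""
    m = re.search(r"(?:AES|CAMELLIA)_?(128|256)", cipher)
    if m:
        return int(m.group(1))
    for name, bits in FIXED_BITS.items():
        if name in cipher:
            return bits
    return None  # unrecognised cipher: report unknown rather than guess

def forward_secret(cipher):
    """True when the suite's key exchange is ephemeral."""
    if cipher.startswith("TLS_"):  # TLS 1.3 names: key exchange is always ephemeral
        return True
    return cipher.split("-")[0] in EPHEMERAL_KX

def assess(cert_rsa_bits, cipher):
    """Report the three independent properties discussed in the post."""
    return {
        "cert_public_key_bits": cert_rsa_bits,
        "symmetric_bits": symmetric_bits(cipher),
        "forward_secrecy": forward_secret(cipher),
        # Assumption: RSA certificate; under 2048 bits is the "weaker" class.
        "cert_key_weak": cert_rsa_bits < 2048,
    }

# Constructed observations, not measurements of any real site.
SAMPLES = [
    ("site-a", 2048, "AES128-SHA"),
    ("site-b", 2048, "ECDHE-RSA-AES128-GCM-SHA256"),
    ("site-c", 1024, "DHE-RSA-AES256-SHA"),
]

if __name__ == "__main__":
    for label, bits, cipher in SAMPLES:
        print(label, cipher, assess(bits, cipher))
```

The first two samples share a 2048-bit certificate and 128-bit encryption and differ only in forward secrecy, while the third pairs 256-bit encryption with a 1024-bit certificate key.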
EDIT: This post is corrected – please review comments:- Your email is now orders of magnitude more secure than your online banking–is that right?
This is not new because Google was already using 1024 bit security, but with this upgrade to 2048 bit, it is time for banks to at least re-visit their security level and offer expert commentary. Most banks are using 128 bit (RBC for example), with some banks having already gone to 256 bit (Peoples Trust, Standard Chartered, Members Advantage Credit Union).
The reason Google are doing this is based on concern that the American Government, through the NSA, is able to decrypt what we have assumed is secure data transmission.
When the internet started, email and browsing activity was unencrypted and online banking was secure. Now the situation is reversed. Surely we should be looking at financial services access with at least as much rigour as email?
Out with the old: Stronger certificates with Google Internet Authority G2 | Google Security blog
We take the security and privacy of our users very seriously and, as we noted in May, Google has been working to upgrade all its SSL certificates to 2048-bit RSA or better by the end of 2013. Coming in ahead of schedule, we have completed this process, which will allow the industry to start removing trust from weaker, 1024-bit keys next year.
This announcement from Yahoo may sound innocuous but it has implications for the downrange targets of this blog, banks.
Our Commitment to Protecting Your Information | Yahoo.com
Today we are announcing that we will extend that effort across all Yahoo products. More specifically this means we will:
- Encrypt all information that moves between our data centers by the end of Q1 2014;
- Offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014;
- Work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.
Relevance to Bankwatch:
Banks are nowhere near as complex as the Yahoos, Googles and Microsofts inasmuch as banks typically have one or two datacenters, including backups. However, banks have a host of legacy systems alongside new systems, and internal data traffic is significant. I recall 10 years ago discussing the concerns of system architects at the bank, and one significant one was the encryption of traffic between systems.
Bank security is based on the Hadrian's Wall approach of not letting anyone in. This approach raises the concern that once anyone gets in, their access is unfettered. This is truly the Trojan Horse concern. Once access is gained, the battle is lost, so maximum defence on the outer wall is the prime priority. The corollary is that the Hadrian's Wall defence will present uncomfortable restrictions on customer access.
I wonder how much most banks have gone down the road of encrypting data between their disparate systems that are within their network but are very different from each other.