Great if it works, but I guess now this becomes a war of definition & gamification.
Brit banks must disclose outages via API, decrees finance watchdog
The Financial Conduct Authority (FCA) is enforcing new rules that obligate banks to publicly reveal the number and frequency of online outages – including whether these were caused by malicious actors. Billed as part of consumer-friendly changes to the small print for online banking services, new rules from the FCA and the …
COMMENTS
-
-
Thursday 16th August 2018 18:08 GMT Daniel von Asmuth
APIs
FIrstly, try the good old ICMP echo a.k.a. 'ping' API. If the remote server does not respond, there may be an outage. If that is not sophisticated enough for you, SNMP is your friend.
Secondly, these banks have APIs for interbank payments and customer transactions. You only have to create an automated system that tries to make bank transactions on-line. If thers fail, you may be looking at an outage.
-
Thursday 16th August 2018 09:08 GMT Guus Leeuw
Dear Sir,
"complaint" or "compliant"?
So, the FCA is thinking that the general population cares about these numbers? The general population cares when there's an outage. Soon as the outage is over they'll continue regardless.
I seriously doubt that the population will wipe out a bank (by leaving it en masse) just because the number of outages is > 0 or whatever your threshold is... Or that they even read the number in question.
Best regards,
Guus
-
-
-
Thursday 16th August 2018 10:08 GMT Uberior
Well Pascal, you are either a fool or a liar if you claim you can't tell the difference between:-
Bank of Scotland - Constituted by an act of Parliament in 1695
The Royal Bank of Scotland - Constituted by an act of Parliament in 1727
Here's another clue, until the 1980s, you were unlikely to be employed by BoS if you were Catholic and unlikely to be employed by RBS is you were Protestant.
-
Thursday 16th August 2018 10:14 GMT smudge
Here's another clue, until the 1980s, you were unlikely to be employed by BoS if you were Catholic and unlikely to be employed by RBS is you were Protestant.
Lived in the Highlands till 1978, and never heard of that at all.
Presumably you're talking about a 50 mile radius centred on Glasgow?
-
Thursday 16th August 2018 14:53 GMT d3vy
Smudge?
Where in the highlands?
Because I lived in the Hebrides until the late 90s and its common knowledge (in fact it's the reason that I have a BOS account) and other family members who lived on the south island have RBS accounts.. not through choice, those were the only options for local banking.
-
-
Thursday 16th August 2018 12:41 GMT Spanners
@Uberior
unlikely to be employed by RBS is you were Protestant.
A relative of mine was/is a protestant and a couple of years ago retired at the end of a, full length, successful career in the RBoS. Perhaps that bo***cks did not get to the northern isles?
FYI - what post-retiral work does senior bank staff want? He is a tour guide in a distillery!
-
-
-
-
Thursday 16th August 2018 10:57 GMT Alister
“More than any other industry, banks still contain a mix of archaic legacy systems, new cloud platforms, and yet are under pressure to accelerate their software development to combat the threat of their ‘digital-first’ competitors,” opined Dave Anderson, a marketing bod
Thanks for that. Perhaps if marketing could keep their noses out of IT then banks would not be "under pressure to accelerate their software development" to the point where it is untested and insecure?
-
-
-
Thursday 16th August 2018 13:49 GMT Anonymous Coward
Re: Obligate!
DOUBLE THIS!! I am obliged to tell you that obligated is a US English bastardisation. As well as my blood pressure increasing when I see this, I am always reminded that nobody in the US does is ever burgled and thus there are no burglars. Just burglarizers, who eventually, according to the US English logic, will leave ther victims buglarizered instead of just burgled.
-
Thursday 16th August 2018 14:41 GMT Alister
Re: Obligate!
I am obliged to tell you that obligated is a US English bastardisation.
I am obliged to tell you that you are talking bollocks.
Obliged and obligated do not mean the same thing, and there is a clear distinction.
To be obliged means you are indebted to someone for some service or favour.
Obligated carries a slightly different meaning, in that the subject is forced to do something because the law or morality requires it.
-
Thursday 16th August 2018 16:25 GMT Anonymous Coward
Re: Obligate!
Google 'define oblige' and the first definition is "make (someone) legally or morally bound to do something" - same as your alleged definition of obligated. Stop trying to split hairs and pretend their is any nuance in different usages. Funny how I never heard of obligated in 50 years of reading and speaking UK English until I started seeing US web sites/bloggers use it a few years ago. I never heard anyone in UK use this verbally and only in writing in recent years as a result of its visibility in US sites, as noted. Funny how I've rarely seen a US English speaker/writer use oblige.
Goodbye.
-
Thursday 16th August 2018 19:58 GMT Alister
Re: Obligate!
Did you by any chance Google "define obligate" or did you miss that bit?
From the OED:
Obligate: Require or compel (someone) to undertake a legal or moral duty.
Origin
Late Middle English (as an adjective in the sense ‘bound by law’): from Latin obligatus, past participle of obligare (see oblige). The current adjectival use dates from the late 19th century.
Note that, unlike Oblige, there are no secondary definitions mentioning being indebted or grateful.
-
-
-
-
-
-
Thursday 16th August 2018 12:00 GMT LucreLout
“More than any other industry, banks still contain a mix of archaic legacy systems, new cloud platforms, and yet are under pressure to accelerate their software development to combat the threat of their ‘digital-first’ competitors,” opined Dave Anderson, a marketing bod from API-making biz Dynatrace, in a canned quote.
Talk about making yourself look incompetent in the technical press....
Banking is archaic (we're shit and we know we are), but its still 3 or 4 decades ahead of the insurance industry (syndicate/Lloyds level, not retail), and about 5 decades ahead of the legal industry. I know, I've worked in all three, and for leading edge employers at that.
-
Friday 17th August 2018 18:12 GMT Drew Scriver
Bank security litmus test...
Here's my litmus test to determine if a bank might truly care about security:
1) Is there a way for customers to report security issues, and
2) How quickly does a bank patch known issues.
1.
As a customer I have found several (sometimes major) security issues with some of my banks. I have dutifully called customer service every time and it's always been the same: the customer service reps do not have a procedure to report my findings internally. My conclusion: the bank does not truly care about security.
2.
Even though PCI-DSS should not be mistaken for a solid security policy, it does require that CVEs rated 4 and higher be patched within a month of the availability of a patch.
Remember POODLE, Heartbleed, et al? Under PCI-DSS these should have been patched within a month. However, many (major) banks took six months or longer - even though the public could see (e.g. through SSLLABS) that they were failing to do so.
Had these banks truly cared about security they would have had processes and architectures in place that enable them to actually patch in a timely fashion - at least the front end.