Majority of banks do not, or do not sufficiently, secure online data transport

12-02-2019 09:32:49


Not a single bank has an optimal website security setup

Ede, February 12, 2019 – Over half (52%) of the Dutch banks do not have their TLS configuration in order. TLS (Transport Layer Security), previously called SSL, is the security protocol that secures the communication between websites and their users. During communication on the internet, this protocol can be recognised by the use of HTTPS (HyperText Transfer Protocol Secure). Some of the organisations do offer HTTPS, but have not fully configured it. This is one of the results of research performed by data center BIT into the use of security standards by different websites. The data center checked 23 Dutch bank websites for this study.

Banking system websites not optimally secured

In addition to half the websites not having TLS configured fully, over three quarters (78%) have no DNSSEC, which can prevent redirects to malicious websites. Also, more than a third (35%) of the banks use Google Analytics, which allows Google to create detailed profiles of the website’s visitors. This comes at the expense of the visitors’ privacy and is not easy for them to turn off. One of the banks does not even notify visitors of the use of cookies, despite using Google Analytics.

Alex Bik, CTO at BIT: “Even though there is no need for alarm bells, I cannot begin to understand why banks, of all institutions, do not have the security of their websites a hundred percent in order. There is no excuse to not have TLS set up completely; the missing measures are exceptionally easy to implement. The use of Google Analytics is shocking to me. The banks in question are selling their clients’ privacy in a way to get marketing statistics, without providing the proper notifications.”

