- 20-04-23RFO Incident 14 April 2023
- 15-04-23Storage incident Friday April 14th, published on www.bit.org
- 30-12-22Power rate change and portal updates
- 30-05-22Update RFO Network Incident 17-04-2022
- 23-05-22Freedom of Information Coalition (FOIC) takes case to European court
- 19-04-22RFO Network Incident 17-04-2022
- 21-02-22BIT-MeetMe fully reopens
- 17-12-21We carry on working from home
- 05-11-21Face mask required from November 6th at BIT
- 04-08-21Road works BIT-2 from Aug 16th until Sep 25th
Majority banks do not or not sufficiently secure online data transport
Not one single bank has optimal setup website security
Ede, February 12, 2019 – Over half (52%) of the Dutch banks does not have its TLS configuration in order. TLS (Transport Layer Security), previously called SSL, is the security protocol that secures the communication between websites and their users. During communication on the internet, this protocol can be recognised by the use of HTTPS (HyperText Tranfer Protocol Secure). Part of the organisations does offer HTTPS, but has not fully configured it. This is one of the results of research performed by data center BIT into the use of security standards by different websites. The data center checked 23 Dutch bank websites for this study.
Websites banking system not optimally secured
In addition to half the websites not having TLS configured fully, over three quarters (78%) has no DNSSEC, which can prevent redirects to malicious websites. Also, more than a third (35%) of the banks uses Google Analytics, which allows Google to create detailed profiles of the website’s visitors. This is all at the expense of the visitor’s privacy and is not easy for them to turn off. One of the banks does not even notify the use of cookies, despite using Google Analytics.
Alex Bik, CTO at BIT: “Even though there is no need for alarm bells, I cannot begin to understand why banks, of all institutions, do not have the security of their websites a hundred percent in order. There is no excuse to not have TLS set up completely; the missing measures are exceptionally easy to implement. The use of Google Analytics is shocking to me. The banks in question are selling their client’s privacy in a way to get marketing statistics, without providing the proper notifications.”
Visit Internetschoon.nu for stepping stones to contributing to a safe and clean internet.