banks and security

"YES you do upgrade a banks security all the time. The technology for access, monitoring systems procedures. The fact of the matter is that not enough people are constantly overcomming car security in a way that challenges the developers to upgrade their security"

Banks and IT security? Bad example - unfortunately for customers and also share holders I would say - banks do have a bad history when it comes to IT project and system security. And even more sadly - this does not look as if it is changing. Traditionally the systems developed have been developed with minimum security in mind. I would go so far that some systems I have seen have been utterly developed WITHOUT security in mind. Ignorance seems to be bliss in the banking sector. If you believe marketing talk - yes they are 'updating their security all the time' (where on earth did you get that reassuringly overconfident spin?). Are these the same banks being referred to who still today cannot create an overview of a customers complete relationship and transactions with themselves? (hint - lookup 'Basel' and banking).

Sorry banks are infamous in the IT security world for not doing their homework and for actively refusing to invest in IT security (cost saving). They do not generally speaking invest in IT security unless they are forced to (and then as little as they can get away with accompanied by spin) - they do however invest in strategies designed historically to push any inconvenient costs and blame on all other actors and stakeholders.

Look at how credit card issues have been handled:

1. To redistribute responsibility by talking about security issues by focusing on E-crimes with government and police.

2. To redistribute responsibility by changing the fineprint in contracts with consumers and also to change the name of transactions (see latest UK development in the way the banking sector is trying to re-define Credit Card payments to 'cash advances' (?) rather then to sort out their security issues).

3. If there is a risk that police investigations into security issues may point to embarassing security holes in their own processes and systems see to it that those investigations are moved in house and not registered as issues outside (Credit Card fraud investigations anyone?).

Yes banks do a lot (of money) - but IT security is something that they do as a result of being dragged kicking and screaming into the civilised society. Unfortunately for us in the UK - there is very little 'dragging' going on at the moment.