Bank Grade Security
I have launched a new website which analyses and scores the security of bank's online systems based on a number of factors.
Every bank is rated on a number of security factors, ranging from TLS implementation to Cookie flags, once for their homepage and once for their internet banking login page. Each bank is then scored out of 100 based on their security stance.
The website bankgradesecurity.com has two primary functions. Firstly it is intended to dispel the myth that 'Bank Grade Security' is something to aspire to. It aims to show the reality that banks have poor security and should not be treated as the holy grail of security.
The second objective of creating the website is to track how banks progress over time. Security is an ever changing landscape and banks should be at the forefront of that change. For example at the time of writing only two banks support HSTS Preloading and I am curious to see how this, and other statistics, change over time.
I hope that the website will be used by people to hold banks accountable and encourage them to improve their security.