Bank IT systems

This is the place for posts that don't fit into any other category.

Moderator: RichardW

User avatar
xantia_v6
Forum Admin Team
Posts: 7468
Joined: 09 Nov 2005, 23:03
x 419

Bank IT systems

Post by xantia_v6 »

I have recently installed a new email server that handles my personal email accounts, as well as a couple of other domains (including this forum), and have been watching the logs quite carefully for the past week while checking and tweaking settings.

Our bank has a security check on our debit cards, such that if you use the card for any on-line purchase you need to supply a one-time security code that they send via text or email. We happened to have one card set up for email notifications, and on using it today, the email didn't arrive.

Checking the logs I found that our email server had in fact received an incoming connection from the company that does the security checks, but had rejected it because the forward and reverse DNS records for the (claimed) originating server do not match. In fact the PTR record for that server appears to be the default bulk record supplied by their ISP.

In the last week, there is not other record in our logs of incoming email from a server with mismatched DNS records.

A few questions are raised by this, like how many other clients never get their security code emails because their email system applies tight (but not abnormal) security?
and what level of quality control exists in an organisation that exists for security, but can't remember to correctly configure their own internet address?

User avatar
GiveMeABreak
Forum Admin Team
Posts: 21187
Joined: 15 Sep 2015, 19:38
x 2110

Re: Bank IT systems

Post by GiveMeABreak »

True - I tend to have any verification codes sent via phone as I believe there is less risk and it's very quick. There's always the possibility of some interception along the route with email - wherever the filters lie that could interfere. But very interesting nonetheless concerning their own systems!

User avatar
white exec
Moderating Team
Posts: 6235
Joined: 21 Dec 2015, 13:46
x 1047

Re: Bank IT systems

Post by white exec »

Our authentications codes come by phone too, from several banks, UK and Spanish. Usually arrive within seconds.

User avatar
xantia_v6
Forum Admin Team
Posts: 7468
Joined: 09 Nov 2005, 23:03
x 419

Re: Bank IT systems

Post by xantia_v6 »

In an unrelated incident yesterday, British Airways yesterday sent me an email with a new PIN for an online account which I have no recollection of signing up for.

I know that I flew BA in 2002, and perhaps in 2005, but never since then, so I wonder why they still have my personal details.

Initially I thought it was a phishing email, but careful examination of the headers showed that it did come from a BA server (although one with incomplete security configuration).

I suspect that the sending of that email was triggered by the general panic at BA due to the security breach that was made public about 8 hours later.