Draft Guideline on the Provision of Internet Financial Services

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Tue, 02 Jun 2015 03:00:56 -0700

Dear Sir/Madam,

I read the "DRAFT Guideline on the Provision of Internet Financial
Services by Financial Institutions". Page 8 of the document has the
following text:

   "(i) Usage of SSL (Secured Socket Layer), which ensures server
         authentication and use of client side certificates issued
         by the institution itself using a Certificate Server."

    (ii) The use of at least 128-bit SSL for securing browser to web
         server communications and, in addition, encryption of sensitive
         data like passwords in transit within the enterprise itself."

Usage of SSL is not recommended due to security issues affecting the
technology. The "use of at least 128-bit SSL ..." as described above
does not, by itself, secure browser to web server communications when
sending sensitive data.

Regards,
S. Moonesamy
Received on Tue Jun 02 2015 - 10:06:45 PST