Draft Guideline on the Provision of Internet Financial Services
Dear Sir/Madam,
I read the "DRAFT Guideline on the Provision of Internet Financial
Services by Financial Institutions". Page 8 of the document has the
following text:
"(i) Usage of SSL (Secured Socket Layer), which ensures server
authentication and use of client side certificates issued
by the institution itself using a Certificate Server."
(ii) The use of at least 128-bit SSL for securing browser to web
server communications and, in addition, encryption of sensitive
data like passwords in transit within the enterprise itself."
Usage of SSL is not recommended due to security issues affecting the
technology. The "use of at least 128-bit SSL ..." as described above
does not, by itself, secure browser to web server communications when
sending sensitive data.
Regards,
S. Moonesamy
Received on Tue Jun 02 2015 - 10:06:45 PST
This archive was generated by hypermail 2.3.0
: Tue Jun 02 2015 - 10:09:01 PST