See, this is exactly why we're leaving the EU. We don't need no more red tape. The British way is to let the banks shit all over us and we don't need no Brussels bureaucrats bullying our banks into looking after our privacy. After all, none of us has to conceal the fact we only have one ball;[1] I can assure you, Delors, that each and every one of us has an anatomically correct pair of testicles -- even the women. Hurrah!
[1] But, of course, you can reclaim your missing ball from the Albert Hall at any time. Please bring three pieces of photo identity, a DNA swab, and a picture of the missing organ.
Don't take money from banks (PPI) because they invariably get it back (bail outs)
Seriously, a load of sub prime mortgages in America caused a crash that put banks on their knees. Do they think people are really that stupid?
Or maybe I'm stupid and I don't understand economics at all.
Regulations != better security
I'd expect expensive systems to a) ass cover and b) 'meet regulations'...
For only a few million, I could supply 'em with a system that submits a report every 3 days which lists, in a good old hard-copy sort of way, all the attempted logins. If there's a breach, it should be in there somewhere ; )
Re: Regulations != better security
I'll see your few million and lower you half a million.
There was another story today about bank sites having a lot of third-party trackers, grabbing data. Wouldn't those count as a data breach, unless the user had given specific informed consent - which I somehow doubt! Even Adblock Plus doesn't stop them all without a bit of guidance.
Within the last few days I've had a marketing email from my bank containing nothing of value but riddled with links. It doesn't actually come from their domain. The links are to a subdomain of the bank - but the bank doesn't host that subdomain. In other words it looks exactly like a phishing email.
An email like that doesn't get sent out by a single person. At the very least one would have to write it and one to sign it off. More likely there would be a whole team of them. A whole team who, between them, have no concept of the dangers of phishing and are quite happily training their customers to be phished. And if they don't understand those dangers each of them is a danger to the bank because any of them could be phished, leading to a breach.
The best thing any bank could do to prepare for next May is to get rid of their marketing department.
Nobody is preparing because...
Nobody is preparing because nobody believes the GDPR will come into effect as defined, and if it does they are willing to take the risk that they won't be the first ones getting hit.