back to article Brit banks must disclose outages via API, decrees finance watchdog

The Financial Conduct Authority (FCA) is enforcing new rules that obligate banks to publicly reveal the number and frequency of online outages – including whether these were caused by malicious actors. Billed as part of consumer-friendly changes to the small print for online banking services, new rules from the FCA and the …

  1. nuked

    Great if it works, but I guess now this becomes a war of definition & gamification.

    1. Anonymous Coward
      Anonymous Coward

      Re:correction

      Great if it works, but I guess now this CONTINUES a war of definition & gamification.

    2. Daniel von Asmuth
      Boffin

      APIs

      FIrstly, try the good old ICMP echo a.k.a. 'ping' API. If the remote server does not respond, there may be an outage. If that is not sophisticated enough for you, SNMP is your friend.

      Secondly, these banks have APIs for interbank payments and customer transactions. You only have to create an automated system that tries to make bank transactions on-line. If thers fail, you may be looking at an outage.

  2. Guus Leeuw

    Dear Sir,

    "complaint" or "compliant"?

    So, the FCA is thinking that the general population cares about these numbers? The general population cares when there's an outage. Soon as the outage is over they'll continue regardless.

    I seriously doubt that the population will wipe out a bank (by leaving it en masse) just because the number of outages is > 0 or whatever your threshold is... Or that they even read the number in question.

    Best regards,

    Guus

  3. DontFeedTheTrolls

    Correction (apologies, don't have access to email to advise through corrections@theregister.co.uk)

    "A quick squint at RBS’ OBS API (other flavours of moneymen are available) ", but the link is to Bank of Scotland

    1. Pascal Monett Silver badge

      Yes, RBS aka Royal Bank of Scotland, aka Bank of Scotland. Nothing to "correct" here.

      1. Uberior

        Well Pascal, you are either a fool or a liar if you claim you can't tell the difference between:-

        Bank of Scotland - Constituted by an act of Parliament in 1695

        The Royal Bank of Scotland - Constituted by an act of Parliament in 1727

        Here's another clue, until the 1980s, you were unlikely to be employed by BoS if you were Catholic and unlikely to be employed by RBS is you were Protestant.

        1. smudge
          WTF?

          Here's another clue, until the 1980s, you were unlikely to be employed by BoS if you were Catholic and unlikely to be employed by RBS is you were Protestant.

          Lived in the Highlands till 1978, and never heard of that at all.

          Presumably you're talking about a 50 mile radius centred on Glasgow?

          1. d3vy

            Smudge?

            Where in the highlands?

            Because I lived in the Hebrides until the late 90s and its common knowledge (in fact it's the reason that I have a BOS account) and other family members who lived on the south island have RBS accounts.. not through choice, those were the only options for local banking.

        2. Spanners Silver badge
          Facepalm

          @Uberior

          unlikely to be employed by RBS is you were Protestant.

          A relative of mine was/is a protestant and a couple of years ago retired at the end of a, full length, successful career in the RBoS. Perhaps that bo***cks did not get to the northern isles?

          FYI - what post-retiral work does senior bank staff want? He is a tour guide in a distillery!

        3. katrinab Silver badge

          Their corporate colours are both blue, and therefore RBS is unlikely to be a Catholic bank.

        4. Pascal Monett Silver badge
          Pint

          @Uberior

          Seems that my googling yesterday was a bit fat-fingered, so count me down as a fool.

          I stand corrected, and I am glad to have learned that there is a Bank of Scotland and a Royal Bank of Scotland.

          Why make things simple anyway ?

          In any case, this round is on me.

      2. Doctor Syntax Silver badge

        Bank of Scotland is part of the Lloyds group.

  4. Anonymous South African Coward Bronze badge

    Pre-Y2K and thereabouts one of Spencer F. Katt's columns sported an "This office is K2Y Kampliunt" cartoon.

    Sadly, it cannot be found anymore.

    And the BOFH himself also had a dig at compliant and complaint :)

  5. Alister

    “More than any other industry, banks still contain a mix of archaic legacy systems, new cloud platforms, and yet are under pressure to accelerate their software development to combat the threat of their ‘digital-first’ competitors,” opined Dave Anderson, a marketing bod

    Thanks for that. Perhaps if marketing could keep their noses out of IT then banks would not be "under pressure to accelerate their software development" to the point where it is untested and insecure?

  6. Jonathan Evans

    Obligate!

    "Oblige"?

    1. Korev Silver badge
      Thumb Up

      Re: Obligate!

      This ^^^^

      1. Anonymous Coward
        Anonymous Coward

        Re: Obligate!

        DOUBLE THIS!! I am obliged to tell you that obligated is a US English bastardisation. As well as my blood pressure increasing when I see this, I am always reminded that nobody in the US does is ever burgled and thus there are no burglars. Just burglarizers, who eventually, according to the US English logic, will leave ther victims buglarizered instead of just burgled.

        1. Alister

          Re: Obligate!

          I am obliged to tell you that obligated is a US English bastardisation.

          I am obliged to tell you that you are talking bollocks.

          Obliged and obligated do not mean the same thing, and there is a clear distinction.

          To be obliged means you are indebted to someone for some service or favour.

          Obligated carries a slightly different meaning, in that the subject is forced to do something because the law or morality requires it.

          1. Anonymous Coward
            Anonymous Coward

            Re: Obligate!

            Google 'define oblige' and the first definition is "make (someone) legally or morally bound to do something" - same as your alleged definition of obligated. Stop trying to split hairs and pretend their is any nuance in different usages. Funny how I never heard of obligated in 50 years of reading and speaking UK English until I started seeing US web sites/bloggers use it a few years ago. I never heard anyone in UK use this verbally and only in writing in recent years as a result of its visibility in US sites, as noted. Funny how I've rarely seen a US English speaker/writer use oblige.

            Goodbye.

            1. Alister

              Re: Obligate!

              Did you by any chance Google "define obligate" or did you miss that bit?

              From the OED:

              Obligate: Require or compel (someone) to undertake a legal or moral duty.

              Origin

              Late Middle English (as an adjective in the sense ‘bound by law’): from Latin obligatus, past participle of obligare (see oblige). The current adjectival use dates from the late 19th century.

              Note that, unlike Oblige, there are no secondary definitions mentioning being indebted or grateful.

  7. LucreLout

    “More than any other industry, banks still contain a mix of archaic legacy systems, new cloud platforms, and yet are under pressure to accelerate their software development to combat the threat of their ‘digital-first’ competitors,” opined Dave Anderson, a marketing bod from API-making biz Dynatrace, in a canned quote.

    Talk about making yourself look incompetent in the technical press....

    Banking is archaic (we're shit and we know we are), but its still 3 or 4 decades ahead of the insurance industry (syndicate/Lloyds level, not retail), and about 5 decades ahead of the legal industry. I know, I've worked in all three, and for leading edge employers at that.

  8. no_handle_yet

    Oh arse !

    This is what I get from Santander

    <errorResponse>

    <httpCode>500</httpCode>

    <httpMessage>Internal Server Error</httpMessage>

    <moreInformation>Failed to establish a backside connection</moreInformation>

    </errorResponse>

    Says it all really

  9. Nick Kew

    "uncharitable techies ... yes you Reg readers"

    Now there's a phrase to remember. And to remind you of, next time the Reg urges its readers into any kind of charity.

  10. Anonymous Coward
    Anonymous Coward

    and what about non client facing outages

    How about outages involving SWIFT etc...

  11. Drew Scriver
    FAIL

    Bank security litmus test...

    Here's my litmus test to determine if a bank might truly care about security:

    1) Is there a way for customers to report security issues, and

    2) How quickly does a bank patch known issues.

    1.

    As a customer I have found several (sometimes major) security issues with some of my banks. I have dutifully called customer service every time and it's always been the same: the customer service reps do not have a procedure to report my findings internally. My conclusion: the bank does not truly care about security.

    2.

    Even though PCI-DSS should not be mistaken for a solid security policy, it does require that CVEs rated 4 and higher be patched within a month of the availability of a patch.

    Remember POODLE, Heartbleed, et al? Under PCI-DSS these should have been patched within a month. However, many (major) banks took six months or longer - even though the public could see (e.g. through SSLLABS) that they were failing to do so.

    Had these banks truly cared about security they would have had processes and architectures in place that enable them to actually patch in a timely fashion - at least the front end.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like