Posted by & filed under MailBigFile, Social.

How Safe Are Banks’ Computer Systems Really?

Remember the 1999/2000 millennium scare story that the transition to a new century would throw spanners in computers’ logic and we’d be locked out of banks, hospitals, schools and the traffic lights would fail?

Well, it didn’t happen as predicted. Instead, over a decade later, we are facing up to a far more realistic doomsday scenario.

RBS/Natwest/Ulster Bank Fiasco

As the fall out from the RBS/Natwest/Ulster Bank computer glitch (failure) spreads and finger-pointing blame begins in earnest (it’s the workers in Edinburgh, it’s the workers outsourced in India; it’s ‘human fallibility’), it’s timely to wonder if we as a people are wise to put so much trust in corporate computers.

For years, we have all been encouraged to do our banking online. It saves the banks a lot of money in staffing and premises costs. In the same way we are encouraged to serve and charge ourselves in supermarkets. It saves them a lot of money.

But groceries are not in the same league as salaries, bills and cash. Indeed, without access to their own money for days on end, many people were unable to even buy groceries.

People were stranded abroad without cash. At least two house purchases fell through when funds were not transferred. A man had to spend a weekend in prison in Kent because funds for his bail were frozen. Doctors in Mexico threatened to unplug the life support system of a child when funds to treat her failed to arrive.

The damage-limitation department went into overdrive (branches open late and at the weekend; all promised that they wouldn’t be permanently out of pocket nor their credit ratings affected). The glitch was solved, they said, then it was ‘only’ the backlog of 100 million transactions holding up normal service!

Banks Break the Golden Rule

Remember when people used to say that banks are too big to fail? Well they’re not and fail they did and still do.

Misha Glenny writing about the debacle in The Daily Telegraph, said that the banks have one unbreakable rule: they cannot allow their computer systems to fail. It is all made worse for the potential 17 million customers affected by the fact that following the catastrophic ‘leadership’ of the disgraced Fred Goodwin, RBS accepted an eye-watering sum of taxpayers’ cash to rescue it from its banking failures in 2008.

But they are not alone. Twice in the past six months alone, HSBC customers endured computer malfunctions that really shouldn’t have happened, given the scale of money at risk, the customers disadvantaged in a competitive market and the investments they are allegedly make in IT.

Google ‘computer system failures’ or ‘financial computer malfunctions’ and you are spoilt for choice of examples across the world. From Blackberry to Twitter to Amazon, the vulnerability of systems to failure is cruelly exposed somewhere regularly. And that’s without adding in the risks from hackers, attackers and weirdos.

In May 2012, a computer summoned 1200 citizens to jury service on the same day in Auburn, Placer County, California, USA. Human failure to do something meant that the system went into default mode, and those responsible said they didn’t know it would do that!

The Armageddon Scenarios

Glenny is but one of many journalists recently raising the spectre of armageddon with water, electricity, transport logistics and airplanes falling from the skies if there is a wholesale collapse of networks on a scale which now seems horrifyingly possible.

She called our level of web and network dependency as ‘fragile’ and without the resilience to ‘adapt to the consequences of a major systems breakdown.’ She said that the genius of the internet is that it connects everything, but ‘that is its Achilles heel’.

Poorly written instructions can wreak havoc very quickly, and she cited cases in Pakistan and Kansas to demonstrate how simple it is. In 2007 Los Angeles’ airport seized up after cables supplying the net to US Dept of Homeland Security burned up; the Metropolitan Police discovered a plot to bomb Telehouse in Docklands, the UK internet hub and thousands of computers started ‘attacking’  Estonia’s network systems.

Russia denied being involved, though traces led there. The point was that Estonia had to isolate the country’s entire system from the world till it was solved. One thing in one place can have knock-on effects. Several random events at the same time can be disastrous.

Solutions Are Thin on the Ground

There is no legislative requirement on RBS or any large corporation to report major failings even anonymously. Neither the existence of such things though effects are quickly obvious; not the causes, whether technical or malicious.

To focus on the lessons learned from this particular biggest so far meltdown, is right and vital. But it mustn’t cloud the issue of basic security. In actual fact, have the 17 million customers been put at risk of having their private data compromised?

Who services their systems? What security is valid? Is security itself susceptible to breakdown or breach?

You remember hearing that statistically most Brits are more likely to get divorced than change their bank account? Well, good luck with finding a new ‘safe’ bank account.

Source:

Daily Telegraph, Misha Glenny, Computer Says No, 25 June 2012.

Further Reading:

Personal Data: Government Plans a Rich Harvest

Technology Is Not the Only Weapon on New Business Battlefields

Too Early to Face Pulling the PIN?

‘Intelligence’ Demands Intelligent Handling

Image: Carlos yo