How secure is Canadian online banking in 2017?
Over the past couple of years we have seen a big push by technology companies to further secure the internet for users. I wondered why my bank only allows 6 digits passwords and does not offer 2FA? These questions lead me to check the security policies of Canada's major banks. Every bank seems to offer a link to Security page in the footer of website. What I found was surprising as it seems banks are not doing their part to ensure their customers have highest level of security.
Please note: I am not saying they are not secure. I am sure the bank have very strict internal security policies. There seems to be a lot more banks can do when it comes to customer protection.
No Two-Factor Authentication
Unlike many American and British banks, there doesn't seem to be any Canadian bank offering 2FA whether by hardware of software token. You can ask your bank to take security seriously and consider implementing 2FA like other banks have. Services like Google and Thexyz also offer 2FA. You can see a list of banks that support 2FA here: https://twofactorauth.org/#banking
SSL by default
Since Google announced that SSL is now a ranking factor many sites have switched to SSL by default. This means that your homepage always redirects to https version.
I found that ScotiaBank was yet to implement this functionality. I assume they are waiting for search engine rankings to take a hit before they make their move.
I think all the banks could improve password policy. The Bank of Montreal practice of only allowing a 6 digit password in 2017 should be stopped.
A couple banks seem to recommend a certain anti-virus with an affiliate link or commission paid to the bank when a user buys these products. The problem is, that these products are some of the most in-secure anti-virus products on the market. From what I can understand, it looks like some banks are profiting from recommending a particular anti-virus product. They do not seem to mind that the particular products do not protect against the high level of threats we see in 2017.
I have often wondered why bank security is not as high as other online services I use. When really it should be one of the highest. Hope the banks aren't too bust counting money to read this.
Something for something to shoot for. Check out the security and policies of ZKB in Switzerland.