The banking landscape is changing at an exponential rate. Travelling a bit and finding myself on the island of Madeira. Off the continent of Africa, closest country is Morocco, but it is part of Portugal. A few years ago, BANIF Bank was experiencing some financial stability and was bought out by a the Spanish Bank Santander Totta.
A very interesting finding was that while sitting outside the bank I saw the Wi-Fi SSID of the bank. It was ‘unsecured’ (no password required) and I decided to connect to the Wi-Fi. To my amazement, I got connected to the Internet with full browser functionality. Whatsapp worked, Instagram as well as Facebook, and other social media applications.
This is a total different approach to some of the banks I have experience in and I think it will be good to comment on the approach here. As part of a past implementation of a new infrastructure, it was discussed to give GUEST access to clients in the bank limited by time.
What can be realized as a benefit to the bank?
- Branding is number 1 here. Your bank’s logo will be shown as part of the agreement. The user, client or not, will be happy for this free service and will relate ‘happiness with the bank’s logo’.
- Based on the User Agreement, it will be possible to obtain some statistics of usage and possibly have some leads for product sales.
Are there any new risks to the bank?
I can see no material risk to the bank if the network access via the Wi-Fi is totally separate from the bank’s production network. The bank of course should have good practices in place where IPS (Intrusion Prevention Services) are part of the delivery platform.
- Make sure users cannot visit blacklisted sites.
- Make sure that exploits are blocked.
- Monitor access as the platform may be used for criminal activity.
- Only allow services such as HTTP, HTTPS and other protocols that will enable a good experience for the user but cannot be used as a springboard for malicious intent.
Based on the rules, it is simple to control and monitor.
The only recommendation is the security certificate that is not properly implemented. This should be updated.
This is a plus for the Bank. Well done Santander Totta.