SASBO Bank Strike

SASBO has threatened to disrupt the South African Banking by 40,000 to 50,000 union members by ‘downing-tools’. 4IR (Fourth Industrial Revolution) which is embraced by the Unions but no retrenchments should be allowed. These two options are mutually exclusive based on historical events.

SASBO states “We will continue with the strike on Friday. South Africans need to know what is happening at the banks, how employees are being treated. We will make sure that ATMs don’t operate. We will make sure that internet banking service is not working.”

Banks worldwide are being pushed out of their comfort zones by smaller digital-only startups such a Thyme Bank, N26, Bank Zero, and numerous others. They have to adapt or die similar to the industrial revolution. The six largest banks in South Africa is still one of the largest employers with more than 150,000 employees in 2018.

Getting back to the statement by SASBO We will make sure that internet banking service is not working.” can only be accomplished by sabotage of ATMs as well as the computer and network infrastructure. As a staff member, there is the risk of dismissal due to a criminal act and possible a charge laid. With statements like “Ensure you have enough money as ATMs will be down” it is part of the scaremongering to place more stress on the infrastructure.

Banks should ensure that the safety of staff is the priority and an action plan should be in place already. The monitoring of critical network paths to indicate possible tampering is critical and a ‘play-book’ done for incident management.

Citizens should be aware that a criminal element will take advantage of the planned strike such as this and should stay away from possible hotspots such as ATMs, banks and their branches due to possible violence. Unconfirmed reports from Springs shows the bomb-disposal unit disabling three explosive devices at ATMs.

The final takeaway from the event is that South Africa is a small part of a global economy and if we do not pull together to be part of the exponential growth of the 4IR, we will sit on the sidelines cheering on the players after we have paid the entrance fee at the gates.

Free Internet at Santander Totta

The banking landscape is changing at an exponential rate.  Travelling a bit and finding myself on the island of Madeira.  Off the continent of Africa, closest country is Morocco, but it is part of Portugal.  A few years ago, BANIF Bank was experiencing some financial stability and was bought out by a the Spanish Bank Santander Totta.


User Agreement

A very interesting finding was that while sitting outside the bank I saw the Wi-Fi SSID of the bank.  It was ‘unsecured’ (no password required) and I decided to connect to the Wi-Fi.   To my amazement, I got connected to the Internet with full browser functionality.  Whatsapp worked, Instagram as well as Facebook, and other social media applications.

This is a total different approach to some of the banks I have experience in and I think it will be good to comment on the approach here.  As part of a past implementation of a new infrastructure, it was discussed to give GUEST access to clients in the bank limited by time.

What can be realized as a benefit to the bank?

  • Branding is number 1 here.  Your bank’s logo will be shown as part of the agreement.  The user, client or not, will be happy for this free service and will relate ‘happiness with the bank’s logo’.
  • Based on the User Agreement, it will be possible to obtain some statistics of usage and possibly have some leads for product sales.

Are there any new risks to the bank?

I can see no material risk to the bank if the network access via the Wi-Fi is totally separate from the bank’s production network.  The bank of course should have good practices in place where IPS (Intrusion Prevention Services) are part of the delivery platform.

  • Make sure users cannot visit blacklisted sites.
  • Make sure that exploits are blocked.
  • Monitor access as the platform may be used for criminal activity.
  • Only allow services such as HTTP, HTTPS and other protocols that will enable a good experience for the user but cannot be used as a springboard for malicious intent.

Based on the rules, it is simple to control and monitor.

The only recommendation is the security certificate that is not properly implemented.  This should be updated.

This is a plus for the Bank.  Well done Santander Totta.


Santander Totta