On-line banking. It gets worse (and why SOX sux)

Inspired by a blog that was written by fellow ZDNet blogger George Ou, last week, I talked about how Americans are technology, political, and educational laggards and how it will doom them.  Ou's blog talked about how technological laggardliness was causing banks to fail their report cards when it came to online banking.  I piled on, basically saying Ou's expectations weren't enough.  The rest of the world -- places like Europe, South Korea, Japan -- are leaving us light years behind as we overthink some things and don't think enough about others. Now, thanks to a recent post by Jon Udell, we're getting a deeper glimpse into how screwed up the banks and the banking system really are.  After fixing a busted online banking page himself and writing about it, Udell updated his blog with some feedback he got:

The problem is that even that one Javascript line still needs to go thru SOX audit before being pushed to production....This is indeed an issue to blame on pointy-haired bosses, but their names are Sarbanes and Oxley.

Meanwhile, while that one line of code gets put under the microscope by some SOX auditor, he or she apparently missed the back door that Udell's bank had left wide open from a security point of view.  Wrote another one of Udell's readers:

Why isn't the bank preventing your local page from working? Seems to me that a referrer check, session ID, or something should be required to prove that the form is even being submitted from their own server, rather than someplace else.

Hey! Give that guy a job!
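
One way a server could implement the check that reader describes, as an added example that is not from the original post or from any bank's code. The host name `bank.example`, the demo key, and the `form_token` field name are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed values for illustration; not taken from any real bank.
TRUSTED_ORIGIN = ("https", "bank.example")
SERVER_KEY = b"constructed-demo-key-rotate-in-production"


def issue_form_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token the server embeds as a hidden field when it renders the form."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def source_is_trusted(headers: dict) -> bool:
    """Referrer check: Origin (preferred) or Referer must name our own site."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(value)
    # Compare scheme and exact hostname; a substring match would also
    # accept look-alike hostnames that merely contain the trusted name.
    return (parts.scheme, parts.hostname) == TRUSTED_ORIGIN


def accept_submission(headers: dict, session_id: str, form: dict) -> bool:
    """Accept a POST only if it came from our own page within this session."""
    if not session_id or not source_is_trusted(headers):
        return False
    expected = issue_form_token(session_id)
    supplied = str(form.get("form_token", ""))
    # Constant-time comparison avoids leaking token bytes through timing.
    return hmac.compare_digest(expected.encode(), supplied.encode())
```

Header checks only constrain requests made by a browser; the session-bound token is what ties a submission to a form the server itself rendered for that session.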


Talkback

  • Auditors are the weakest link in SOx

    No self-respecting computer guy would EVER want to be an auditor - yet to be an effective auditor, you need in-depth knowledge of computers. Once the auditor position gets paid much more - you will get much better auditors.
    Roger Ramjet
    • IT Auditor

      I would be interested to know the specifics of the audit environment that Roger R. is referring to as I have been working in this field for the last two years on the consulting side and have no issue with the pay rate. I think that better auditors are a result of certification and training rather than pay scale.
      bluefrog12