Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Brit banks must disclose outages via API, decrees finance watchdog

Perhaps TSB's total s*itshow wasn't in vain

The Financial Conduct Authority (FCA) is enforcing new rules that obligate banks to publicly reveal the number and frequency of online outages – including whether these were caused by malicious actors.

Billed as part of consumer-friendly changes to the small print for online banking services, new rules from the FCA and the Competition and Markets Authority will make financial institutions proactively reveal how often they have had to report “major operational and security incidents”.

The move was telegraphed by the FCA over the past few months, having begun with the TSB fiasco in April.

Banks will have to “publish the information on their websites in a consistent format” according to the FCA, while big banks will be expected to dish it up via an API compliant with the Open Banking Standards specs.

A quick squint at the Bank of Scotland’s OBS API (other flavours of moneymen are available) reveals four public incident reporting metrics are currently in use: “total number of incidents reported”; “incidents affecting telephone banking”; “incidents affecting mobile banking”; and “incidents affecting internet banking”.

The latter is likely to be of most interest to infosec-minded folk, as well as uncharitable techies wanting to exercise a little schadenfreude. (yes, you, Reg readers)

The FCA’s master list of banks’ APIs can be found on its website.

“More than any other industry, banks still contain a mix of archaic legacy systems, new cloud platforms, and yet are under pressure to accelerate their software development to combat the threat of their ‘digital-first’ competitors,” opined Dave Anderson, a marketing bod from API-making biz Dynatrace, in a canned quote.

Another marketer, Andrew Stevens of customer service biz Quadient, gravely intoned: “Banks should see this as an opportunity to improve their relationship with customers. By opening up a conversation and being clear about any disruptions to service, internal changes, or even changes to accounts will go a long way in positioning the bank as a trusted provider which cares about its customers..”

Small comfort for folk who were locked out of their TSB accounts earlier this year. Still, better to bolt the stable door before the rest of the herd make a dash for it. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like