At 12:46 PM 1/29/2003, alex@yuriev.com wrote:
IIRC, the ATM system is similar to CC transactions. A best effort is made to authorize against your account (Credit Card or Banking) but if it fails and the transaction is within a normal range (your daily card limit) the CC/ATM completes the transaction.
Too bad it is not the case, but let's presume that it is. How does it explain branches not being able to process direct withdrawals either?
The incident on hand illustrates that the design of our financial networks is broken. If a non-sophisticated worm managed to create so many problems, what is going to happen should a real attack be mounted against the networks used by financial services?
Perhaps the bank bought VPN service with an SLA from a large network vendor. That SLA was not met due to network congestion. Said vendor will be responsible for reparations to the bank. That doesn't help the customers, of course. Now the bank COULD just use T-1 or faster circuits to all branches, but the network vendors are pushing VPNs (whether formed by IPSec tunnels, Frame Relay, MPLS, etc.) as cheaper alternatives. It would be foolish and irresponsible for the bank management to spend many times the amount of money. Of course even the T-1 circuits can have problems. ATT did melt their telephony backbone on Martin Luther King Day some years back. So should the bank run their own fiber between branches to ensure they're OK in the event of an SS7 meltdown? Where do you draw the line? Which technology do YOU trust? Which can you afford?