After reading an interesting post by Troy Hunt about so-called "bank grade" security on Aussie internet banking sites, I was curious to see what the results would be for South African banks and, more specifically, how my bank stacks up against the competition. The results are similar, with some very surprising names scoring quite low on the Qualys SSL Server Test.
|First National Bank||B||PASS||PASS||PASS||FAIL||FAIL||PASS|
* Forward Secrecy
Most surprising to me was that Standard Bank and ABSA, the two largest banks in the country, are failing dismally on their SSL implementation. Imperial Bank is frightening and vulnerable to both POODLE and FREAK attacks. The smallest banks seem to score the highest, and a number of South African banks, such as uBank and Postbank, don't even have internet banking.
Although the grades look decent overall, the amount of red is quite concerning.