Bank Grade Security - Danish bank edition v2

2016-02-03

In need of something better to do, I thought I would see if any of the Danish banks have improved their SSL/TLS since last summer. Back then, we saw that the so-called “bank grade” security was generally not that good (at least in terms of SSL/TLS). The results were pretty much consistent with the rest of the world, which was kinda sad. But now we are in 2016, so let us see how the banks fare today.

I have tested all the banks I tested last time, as well as the ones Jamie Magee tested and I did not.

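| Bank | Grade | Supports SSL 3 | Supports SHA1 | No TLS 1.2 | Supports RC4 | Forward Secrecy | POODLE |
|---|---|---|---|---|---|---|---|
| Jutlander Bank | A+ | Pass | Pass | Pass | Pass | Pass | Pass |
| Arbejdernes Landsbank | A | Pass | Pass | Pass | Pass | Pass | Pass |
| Vestjysk Bank | A | Pass | Pass | Pass | Pass | Pass | Pass |
| Nykredit | A | Pass | Pass | Pass | Pass | Pass | Pass |
| Spar Nord | A | Pass | Pass | Pass | Pass | Pass | Pass |
| Danske Bank | A- | Pass | Pass | Pass | Pass | Fail | Pass |
| Finansbanken | A- | Pass | Pass | Pass | Pass | Fail | Pass |
| Jyske Bank | A- | Pass | Pass | Pass | Pass | Fail | Pass |
| Lån & Spar Bank | A- | Pass | Pass | Pass | Pass | Fail | Pass |
| Nordjyske Bank | A- | Pass | Pass | Pass | Pass | Fail | Pass |
| Sydbank | A- | Pass | Pass | Pass | Pass | Fail | Pass |
| DLR Kredit | C | Fail | Fail | Pass | Fail | Fail | Fail* |
| Nordea | C | Pass | Pass | Fail | Fail | Fail | Pass |
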
  • *Intermediate certificate still supports SHA1
  • **Only SSLv3 vulnerable to POODLE, not TLS

Wow. What an improvement. Back in May, only one bank got an A- and it was the only one to get higher than a B. Now only two banks get less than an A-, and there is even one getting an A+. Good job to the teams who have taken action to improve their security, and kudos to Jutlander Bank for being the only bank in Denmark (that I know of) with an A+ rating.

