Reply to post: Re: Where are the First Direct results??

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Norman Nescio Silver badge

Re: Where are the First Direct results??

> I don't have a First Direct account, but I can see they they load scripts from and on the login page. Not ideal.

Shouldn't banking sites (and indeed, any page that allows financial transactions) have zero minimal* links to third parties? I would expect all the page to be delivered over https; and the certificate for the page and all linked pages to be owned by the bank/financial institution. Anything less than that looks rather dodgy to me. How does the bank/financial institution know that the third party is not serving up malware, and who is liable if it does?

uMatrix helps a lot in that regard.

*I say minimal, as the frame that takes you off to Visa or Mastercard to authenticate your credit card transactions links to their infrastructure, not the retailers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019