In a follow-up to their discovery earlier today, BolehVPN have conducted another round of HTTPS security test for nine additional Malaysia-based online banking services that missed out in the company’s first test session. It turns out that there are actually quite a number of F grade online banking services that are run by our local banks out there.
According to the test results, three out of those nine services – namely Affin Bank, Bank Muamalat and Bank Simpanan Nasional – are given the F grade. Apparently, the online banking services provided by all three of them are highly vulnerable to denial-of-service and man-in-the-middle attacks.
Hence, we have reached out to all three banks above to obtain their reaction regarding the security rating by SSL Labs and the steps that they are planning to rectify the issue. We have also extended our inquiry to Bank Negara Malaysia for their opinion on this matter.
As for those who are keeping tabs on the test results, Standard Chartered, CitiBank, and OCBC now joins CIMBClicks as the top ranked Malaysia-based online banking services as determined by the test by Qualys SSL Labs.