I have to suppose that banks, like any other web based services, use the same methods as the rest of us.
There are no "secrets" I know of for implementing security, and we're all pretty much in the same boat with the same holes in our hulls if we've done what we can and keep up with the latest methods, patches, and updates.
You're right. Banks just have more money to throw at these problems.
They have regular security audits. When (those systems aren't necessarily any more secure by design than 'normal' ones, often even less so) a problem is found during these audits they can and will pay a lot of money to fix them, sometimes by almost brute force.
For example, rather than fixing the underlying software that causes a problem they might close potential attack vectors at the network or infrastructure level.
Unfortunately, most financial institutions tend to be more interested in security audits for compliance purposes, than to really resolve identified security issues.
I have to suppose that banks, like any other web based services, use the same methods as the rest of us.
There are no "secrets" I know of for implementing security, and we're all pretty much in the same boat with the same holes in our hulls if we've done what we can and keep up with the latest methods, patches, and updates.
You're right. Banks just have more money to throw at these problems.
They have regular security audits. When (those systems aren't necessarily any more secure by design than 'normal' ones, often even less so) a problem is found during these audits they can and will pay a lot of money to fix them, sometimes by almost brute force.
For example, rather than fixing the underlying software that causes a problem they might close potential attack vectors at the network or infrastructure level.
Unfortunately, most financial institutions tend to be more interested in security audits for compliance purposes, than to really resolve identified security issues.
I guess Banks need to follow some kind of compliance (like PCI), and there are at least, some guidelines or tested solutions for them.
the "Translucent Databases" book might be worth to look.