Financial Accounts Aggregation
This story has been circulating the office. A part of our team at EDS is responsible for implementing that for the CBA… I don’t know a great deal about cryptography, but one thing I don’t get is when they say all the passwords are stored under one-way triple-DES encryption. If that’s true – how do the CBA servers log on to third-party financial institution servers to gather information from them? The CBA servers still need to be able to send the decrypted password to other banks’ servers (although re-encrypted via SSL) – for that you’d need two-way encryption, which means that passwords can be recovered. Hmmmm…
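The distinction questioned above, as an added example that is not part of the original post: a one-way record can only check a password it is shown, while replaying a login to another bank needs a reversible record and therefore a key that can recover every stored password. The HMAC-based stream cipher is a standard-library stand-in for a real cipher such as triple-DES or AES, and every name and the sample password are constructed for illustration.

```python
import hashlib, hmac, os

PASSWORD = "correct horse 42"  # constructed sample customer password

def one_way_record(password, salt=None):
    """One-way storage: salted PBKDF2 digest; supports verify, not recovery."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def one_way_verify(record, candidate):
    """Check a presented plaintext against a stored one-way record."""
    salt, digest = record
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 100_000)
    return hmac.compare_digest(digest, probe)

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stand-in for a real cipher (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, password):
    """Two-way storage: encrypt-then-MAC; anyone holding key can reverse it."""
    nonce, data = os.urandom(16), password.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(_subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    """Recover the plaintext password; fails on a wrong key or altered record."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))).decode()

if __name__ == "__main__":
    other_bank = one_way_record(PASSWORD)       # what the third-party bank holds
    aggregator_digest = one_way_record(PASSWORD)
    # With one-way storage the aggregator can only send its digest: rejected.
    print(one_way_verify(other_bank, aggregator_digest[1].hex()))
    key = os.urandom(32)
    # With two-way storage it recovers the plaintext and the login succeeds.
    print(one_way_verify(other_bank, unseal(key, seal(key, PASSWORD))))
```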