| Position | Last month | Banking group |
|---|---|---|
| 1 | 1 | Street Capital Bank of Canada |
| 4 | 3 | Canadian Tire Bank |
| 5 | 4 | CS Alterna Savings |
| 6 | 5 | Wealth One Bank of Canada |
| 7 | 12 | First Nations Bank of Canada |
Our system performs the same “basic security tests” on every bank that appears on our charts. These tests check for certain common vulnerabilities or digital practices. When we see specific issues at a bank, we add “bank specific” tests for that bank to repeatedly check for any ongoing (or future) recurrence of these known problems. These bank specific tests cover all manner of items, including checking for known leaks, breaches, cloud leaks, confidential customer data leaks, vendor leaks, and many other issues. In exceptional cases, adjustment scores are appended to the end of the tests as a result of issues that are known to us and can be tested by humans. This includes items such as issues with mobile applications, payment systems that require humans to initiate transactions, security issues with specific staff, branches or locations, and so on. Details of these are logged, and both the banks and governments can see when this occurs.
This depends on the size of each bank. For a large bank with a large digital footprint, we commonly perform anywhere between 200 and 750 tests.
We tally the test results and sort them first by the percentage of tests passed, then by the number of tests performed (in case two banks have the same percentage of test passes), and finally by name in alphabetical order. For security reasons, we don't publish how many tests were done on a specific bank, or what the percentage of passes was for each bank.
Yes. Each month’s chart is compiled and a full audit trail is generated and archived. The logs are not stored on this webserver or any other webserver, but are kept in cold storage until needed.
Banks can purchase and run their tests themselves in the very near future. For security reasons, one bank cannot purchase another bank's test framework. The tests are expanded and enhanced regularly, so banks should renew frequently to stay on top of things. If you are a bank interested in purchasing your bank's tests, please use the contact form below.
Due to the nature of the logs and the pictures they paint about each bank, we don’t publish the logs. However, they are definitely available to regulators, law enforcement and other government agencies for an appropriate fee. If you are interested in the logs for your country, please contact us.
We currently check all major domestic regulated banks in Canada. We do check banks in other countries, but do not currently publish charts for those.
We group banks by their parent banking group. For instance, in Canada the Tangerine brand is part of the Scotiabank group. It is highly likely that your bank is under a bigger parent group. If you would like to suggest a bank that we're not currently displaying, please use the Contact form and let us know.
The Digital Banking Security Index was started in Canada. It was created by someone who was not too enthralled with their bank's idea of security, and wanted to make the world a safer place. The manual safety checks that were being repeatedly performed on this bank were eventually automated, and then these tests were extended to encompass more banks, allowing us to compare other banks to the original bank. Currently, we check banks across three four countries on three continents.