Slashdot Mirror
UK ATM System Could Have Ruined Economy
seanyboy writes "The Register is running the story of how the UK banking system could have collapsed in the early 1990s, how easy it was at the time to withdraw against other people's accounts and the worrying case of a Bank's rogue IT Department." From the article: "What quickly became clear was that the law needed a system to provide proof that events had happened so that legal cases could be made. You might say that 'the computer debited the account', but to a barrister (and more importantly, a judge) that's not enough. Did the computer do it at random? In that case it's like a tree branch falling - an accident. Or did a person program it to do so? In which case the person must be able to testify about the precise circumstances when a debit could happen. Sounds daft, but the law rests on proving each step of an argument irrefutably."
Seems like this article and http://it.slashdot.org/article.pl?sid=05/10/21/135 204&tid=172&tid=156 are related - getting to market is more important than making sure it's 100% secure.
KeepTrackOfIt.com - Find the lowest gas prices in your area graphically
It would be a sad thing if we've already lost our democracy.
Abstinence is a government conspiracy. www.SafeSexZone.co
2 - The UK didn't have something similar to Reg E in the United States regulating "electronic" banking (in the US, that would include ACH items, wire transfers, and ATM/debit card transactions). And apparently, the UK doesn't have the banking regulatory structure to add such regulations as necessary without passing new laws.
If anyone is interested, here is Reg E in all of its glory.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
I was always interested in the Prevayler methodology. The concept is that the database is one big transaction log, with occasional full rewrites to speed up restarts. It's a neat idea, and seems to work rather well in practice. (Though the API is unnecessarily PAINFUL.)
Traditionally, however, a classic database is mated with a transaction log. The transaction log can be rerun to get the state of the database at any point in time. That way if the database is modified or goes kaput, the transaction log can be used to verify or rebuild the data.
Constitutional requirements for due process also require certain rules to be followed by both sides. Defense attorneys aren't allowed to coax people into perjuring themselves, withold information on future crimes, etc.
What happens when five people complain
The journal roll is checked and the five failed transactions are found to occur between two of your transactions.
I don't think you have to try this too many times before they are onto you
Regardless of what law might or might not have been broken. This should not be so easy. I was appalled that there was no check of even a name match or similarity. Some banks do EFT validation like the way Paypal does with those little deposits amounts that you have to go check and report back to Paypal. But so many online services just initiate EFTs without any checking whatsoever. Its a system ripe for abuse. And the fact that I wasn't even aware that what I did was against the law is even worse. There's no warning or text that tells you on those websites what your supposed to be typing in. I know that ignorance of the law isn't a defense in court, but by the time it gets to court its really too late anyways. Don't law and punishment really only work if people are aware of them?
I think someone should really scream loud about this before its too late.