So, new question….if they don't use SSL, would they have their own encryption to assure the traffic between customer and bank is secure?
Yes. I checked with a major banking group earlier today on just this issue since nowhere on their website was there any indication of whether the bank's secure banking servers had been affected by the Heartbleed bug. Nor had any assurances been posted that their secure servers were immune to same and safe to use.
The bank advised: "[Bank] has defenses in place to protect our customers so you can do your banking securely and without risk to your personal data. [Bank] uses secure SSL. Our banking sites and customer data are protected. "Although we don't recommend any specific actions to bank customers as a result of this vulnerability, we always recommend that customers change their passwords regularly (ie, several times a year)."
According to a number of reports in the Canadian press, no major Canadian bank was affected by the Heartbleed bug. See, for example, the coverage in The Globe and Mail (www.theglobeandmail.com).
