You should consider the possibility that your perceptions are the result of your not understanding the problem that these procedures are designed to solve rather than the people who instituted them being idiots.
What OP is trying to say is that a disproportionate amount of effort is spent on a rather narrow attack vector and it’s still not 100% secure anyway. The people creating these procedures had goals but good UX was not one of them and definitely not the highest priority.
Yes, I get that. But a compromised root key is essentially synonymous with the end of your entire business (to say nothing of destroying the finances of many if not all of your customers) so the effort being expended doesn't seem disproportionate to me.
If you feel differently, by all means go do business with a bank that doesn't waste all this effort.
Most banks use HSMs to store secrets. This isn’t novel… if you buy an HSM, the manuals describe a less dramatic version of this process. Cloud providers offer them as a service as well.
The inclusion of NSA stuff got my eyes rolling. If you’re worried about NSA implants, you probably should be thinking about the provenance of the HSM, smart cards, etc.
>> But a compromised root key is essentially synonymous with the end of your entire business
No, it is not. That is the point. There are many levels of protection, many checks and validations, and even if you pass all of them still a lot of things can be reversed pretty easily. Banks are not cryptocurrency clowns with private key obsession.
I don't think you fully appreciate the damage that someone with the root key could do. It isn't limited to initiating fraudulent transactions (which, BTW, would be indistinguishable from legitimate ones, so you'd have to sort out the mess manually).
Have you ever worked at a bank? I mean, I believe you know something about something, but from what you say, it seems like you have never had a word with a bank's InfoSec.
Root access to servers, to secret keys or passwords is not beneficial. There are many systems validating each other. Even if you got access to one system, even if you control it for some time, you cannot really permanently transfer any significant amount of money anywhere. Fraud detection and AML systems will trigger an alert. Behavioral analysis systems, which are a must-have in the industry, will trigger an alert, to say nothing of many other systems I really do not want to discuss in public.
No, I have never worked at a bank. But I once had half a million dollars go missing because of a transcription error on a wire transfer. It took two weeks to locate the money and get it back to me. And that was without a malicious actor involved, just a stupid clerical error. So I'm pretty confident that if I had a bank's root key I could wreak havoc. That havoc may not take the form of draining everyone's account, but it would be havoc nonetheless.
Oh, I get it. I've represented hacked companies and sat down with FBI agents in tedious, but educational sessions trying to find hackers. It's a real headache and ultimately fruitless.
The problem with hacking a bank is all they can really do is try to screw up the data or lock it down. Even people who work at the bank can't figure out how to move money around, much less where to wire it to profit anonymously.