Ha! I work with banks every day and see some of the worst architectural decisions made in the name of security. What's worse is most of these decisions actually make their systems less secure!
It seems to be impossible for banks to NOT roll their own authentication systems. And every one I've seen ends up with passwords stored or transferred in a way less secure than if they just plugged in an OAuth library or used any of the standard WSS/WSSE options to secure their SOAP endpoints.