A chunk of the internet suffered outages today as part of an Anonymous attack on web services giant GoDaddy. While not as big as the recent storm-related outage at Amazon Web Services (AWS), it still offers an important lesson for banks.
If any portion of your online or mobile application is inaccessible, even for a brief time, it’s a critical customer experience issue.
If you have ongoing access issues, you’re losing customers.
Just ask NAB.
Here’s more about the GoDaddy outage from TechCrunch.
“According to many customers, sites hosted by major web host and domain registrar GoDaddy are down. According to the official GoDaddy Twitter account the company is aware of the issue and is working to resolve it. Update: customers are complaining that GoDaddy hosted e-mail accounts are down as well, along with GoDaddy phone service and all sites using GoDaddy’s DNS service.
Update 2: Anonymous is claiming responsibility. A member of Anonymous known as AnonymousOwn3r is claiming responsibility, and makes it clear this is not an Anonymous collective action.
AnonymousOwn3r’s bio reads “Security leader of #Anonymous (~Official member~).” The individual claims to be from Brazil, and hasn’t issued a statement as to why GoDaddy was targeted.
Last year GoDaddy was pressured into opposing SOPA as customers transferred domains off the service.”
Read More At Techcrunch Here.
Why should folks in banking and fintech care about this?
First, think about the scale of this sort of attack.
What type of sites were impacted? If truly millions of sites were down, even for a brief period…were any financial services websites down?
Most likely there were not any (or hopefully many) full bank or credit union websites impacted (meaning then that online banking and other services would likely be inaccessible)…but thousands of banking websites leverage third-party content or service providers that could be affected. I’m talking about third-party marketing content, location services, video sites, mortgage and loan lead generation sites…maybe even some third-party processing sites – the list is actually pretty long if you think about most financial websites and their reliance on third-party hooks (hopefully all external to authenticated applications).
In looking at my twitter feed, it turns out that there are some financial related sites impacted – whether by content being hosted by a GoDaddy registered site, or as part of an overall ISP slowdown that affected various networks. For example – I found a number of bank and CU sites that had their site search or blogs powered by third parties – imagine 404 messages from all the links that were now dead (and why not use Google’s site search?). That’s not a great message to be presenting to your customers – that your site, or even a portion of your site, is hosted externally – or that it is powered (even indirectly) by GoDaddy.
It’s time to consider using Gomez or other (more economical) services to monitor third-party links 24/7. While you’re not hosting critical infrastructure on outside ISP’s – and you aren’t, right? – then you should have a strategy for monitoring and completing due diligence on all of your web content providers – including where they are hosted.
And if your primary banking website was impacted, how are you going to talk about it with your customers/members? What’s the plan? What alternative method of communication do you have in place? And how transparent are you in your discussion?
Maybe it doesn’t matter that some of this third-party content is down. But in my mind, it’s all part of the larger picture around the impression it leaves. Customer experience matters, and as more and more banking activity is done digitally, having every services working is critical to the trust put into these services.
Here’s why I bring this up. How is your bank or credit union prepared to talk about any type of system outage? How prepared are your service teams for that conversation?
The most transparent exchange about the GoDaddy outage came from (Bank) Simple.
Here they are at it again being very clear about how the GoDaddy outage affected their services. Apparently some transaction processors they (and I’m assuming other banking sites) use were impacted by the attack. As usual, they were up front about it (and aware of it, in contrast to most customer service teams I imagine).
How did the GoDaddy Great Site Outage of 2012 impact your bank or credit union?
Or is this whole thing much about *meh*?
Update: And just in case you thought the outages were short lived…
Update: GoDaddy Says Outage Caused By Network Issues, No Hack (hmmmm…really?). Read more.