Nov 16, 2017

The Mauritius Commercial Bank (MCB) does not use encryption on its emails

Today I am in shock. In great shock. So get ready for some reading.

Google is making a bit deal about online encryption these days. Chrome is blasting warnings all over the web, websites without encryption are being penalized in Google search, and SSL companies must be making a shitload of money.

Having worked on a number of projects involving SSL myself, I was checking out some of the major websites in Mauritius to verify which ones have made the switch to SSL. It turns out a lot, and this is very good news indeed.

At around the same time I was basically stalking Mauritian websites, I received my credit card statement from the MCB in my Gmail account. To clarify, I use only Gmail anyway. I am however focusing on this solely because Gmail belongs to our Lord and Saviour Google and Google is treating encryption and SSL as the Holy Grail of the internet. (Grail and Gmail. Got it? No? The hell is wrong with you?)

Upon checking my credit card statement, my attention was almost instantly attracted to the no-encryption padlock warning Gmail shows whenever a domain is not encrypting its emails. A single click then confirmed that the MCB does not bother encrypting its email. The website is fully encrypted, which is critical for a banking website, but funnily enough, they did not bother extending this to their emails.

Encryption is overrated

Dat guy is encrypted

Imagine being the leading bank in Mauritius and being too cheap to encrypt emails. Well done, MCB, well done.