¬†  

bunq on AWS

Jelle shared this question 4 months ago
Question

So I recently noticed that bunq is moving all of their services to AWS (iDEAL, App, bunq.me).

Should I be worried about my privacy since AWS is a US based company?

Comments (25)

photo
23

Hey Jelle,


We moved a part of our services towards AWS to help cope with the DDoS attacks we had this week, as we don't want bunqers to experience issues with attacks like that.

No need to worry, AWS has been approved by DNB (central bank) to handle sensitive data. Also, AWS Europe is fully based in Europe, your data will stay right here 👍 Of course, bunq will remain encrypting all data!

We understand that a lot of bunqers would like to know more about this move to AWS. That is why we will write a blogpost about it, explaining everything 😄

photo
14

Hey Koen,

I can't wait for this blog post. Why not stay with TransIP? Also I am a big fan of amazon, but I am worried about moving data to AWS even through its certified for financial institutions. I would much more like the data to say at the company that is also run by the bunq CEO. Also AWS must be much more expensive I think.

photo
12

When is this blogpost being published?

photo
18

Just a small nuance. The DNB 'approval' only means that they have an agreement with AWS regarding 'right to examine for DNB'. So that DNB can oversee the whole outsourcing. Still, the customer (financial institution) has to ask AWS for this addendum herself. How safe AWS really is, also dependents on bunq. But magic words like encryption helps :).. And hopefully bunq does manage encryption keys by themselves.

photo
15

I am curious about that blog post 👍

photo
13

Really looking forward to that post. Don't think there are a lot of banks that are that flexible that they can just hop the entire (or even parts of the) stack onto another platform.

photo
11

Hi Koen,


Any idea when the blogpost will be published?

photo
7

Hey Jelle,

Sorry for the delay! We'll make sure to get it to you guys as soon as possible 👍

photo
photo
13

Completely safe. Just like with Google, Amazon stock would drop drastically if data is not kept safely.

photo
16

Don't let AWS Scare you just because it is an Amazon service :)

Many huge company's use AWS such as Netflix, Spotify, airbnb and iCloud if 'm not mistaking.

As long as Bunq does not use a Google datacenter you should be OK.

photo
17

Yes Apple uses AWS for many of its services (iCloud, App Store downloads, sw updates, etc), though they're also building their own data centers... and not many people now this but bunq is not the only bank (in the NLD & the EU) that runs part of its service on AWS. As for the reasons why bunq would not stay on its own founders servers at TransIP, they are after all in some part all the same company, and secure those better escapes me. Maybe Ali can explain in that blog post they promised us

photo
14

Je hoeft niet groot te zijn om AWS (Europe) te gebruiken ;-)

photo
photo
18

Why do you believe that the US doesn't already have full details of every transfer you make? Unless you are finding a known terrorist group or a US person they have little interest in you. If you want real privacy you need something outside conventional banking.


AWS is perfectly safe. Bunq's biggest cool on-line competitor is on AWS.

photo
12

Why not to Azure instead of AWS? At least then the services and data stay in a datacenter in the Netherlands...

photo
16

Azure isn’t as safe as AWS Europe. Yes, servers are in the Netherlands, but they don’t have the same safety level.

photo
12

I somewhat doubt if MS don't have the same safety level... what would be the significant difference?

photo
14

Orrr GCP. I believe they also have servers in Holland.

photo
13

I've used Azure. Seriously, it's not production ready. It's the cloud of choice of those who don't have a choice. AWS is a far better bet.

photo
photo
21

Azure has tons of issues and is really not that stable in multiple regards.

photo
8

Ofwel: de VS kan bij je bunq transacties. Leuk dat er “encryption” geroepen wordt - maar als je iets wilt doen met data (zoals zoeken naar transacties) zul je toch echt moeten decrypten dus die sleutel hangt vast ook ergens in AWS. Lijkt me stug namelijk dag ze AWS alleen als (cold) storage gebruiken.


https://www.topsec.com/it-security-news-and-info/what-is-the-patriot-act-and-how-does-it-affect-europe

photo
9

Ja, maar Amazon heeft niet de specifieke sleutel van Bunq klanten. Dus maak je niet bang! En als het goed is worden de gegevens van iedere klant met een aparte sleutel verlseuteld, dus alleen Bunq kan die hebben lijkt me.. Wie weet kan Ali ons meer vertellen?

photo
13

@DaveFlash: Hoe kan het dan dat ik mijn gegevens, transacties, etc via api.bunq.com - gehost op AWS - kan opvragen?

Ben het er inderdaad mee eens dat het heel fijn zou zijn als er wat dieper op in werd gegaan, in plaats van "encryptie!" te roepen. Zelfde geld voor de handverificatie. Toen ik vroeg hoe dat werd opgeslagen werd me verteld dat ik me geen zorgen hoefde te maken, dat alles versleuteld werd opgeslagen en dat het 100% veilig was. Dan gaan bij mij dus alle alarmbellen rinkelen 😁

Overigens niet dat ik er problemen mee heb dat ze bij AWS hosten. Klanten klagen dat het platform niet tegen een DDoS-aanval kan, bunq versterkt de infrastructuur. Plus dat ik niet verwacht dat een andere bank überhaupt inhoudelijk op dergelijke vragen reageert, dus bunq heeft daar ook al een transparantie-streepje voor.

photo
9

Volgens mij doen we nu allemaal allerlei aannames en weet alleen bunq hoe het echt zit. En ik gok dat bunq daar weinig nadere toelichting op gaat geven :)...

Tot op zekere hoogte is het wat mij betreft ook kwestie van vertrouwen. En als er een bank is die ik het meeste mijn geld toevertrouw, dan is dat bunq wel.

photo
10

Feit blijft dat ik mijn gegevens van een AWS IP ontvang, los van of ik dat erg vind of niet 😉

bunq gaf laatst aan in de chat dat ze er over denken, en er waarschijnlijk wel een post over schrijven. Afwachten dus, in the end weet inderdaad alleen bunq alle details.

photo
7

About the hand recognition you will find some more info hier: https://www.veridiumid.com/case-study-bunq/

photo