Our bank's internet banking service requires that the customer be using 128 bit encryption in their browser; access is denied to browsers using 40 bit encryption.
However, the bank's bill pay service [different vendor, separate login] only requires a minimum 40 bit encryption in the browser.
Does 40 bit encryption satisfy an "industry standard" for banking transactions on the internet?
Is the bank risking liability for allowing customers to access bill pay with only 40 bit encryption?
My opinions are not legal advice, not my employer's, and may change anytime.