It's certainly calming to know that Santander/A&L put the advanced-web-analytics.com script there intentionally. However, some people (including the customer who first noticed this issue)
continue the discussion and question the 3rd party as well as Santander's use of it.
Some examples:
"Even if advanced-web-analytics is legit. I can't see the how polycache is legit. On some of the nodes it presents a cert for gate-logic.com, is hosted in a Linode VPS, is registered anonymously etc"
"Even if advanced-web-analytics . com is a legitimate site it is outside of bank infrastructure and can be compromised. I checked my Natwest login page and it also loads some scripts from advanced-web-analytics. As far as I can see this script does nothing
harmful at the moment, but the point is it might in the future."
"Anonymous domain regs, VPS hosted accounts - all this adds up to the fact that even if Santander have not been compromised, they're so incompetent with their web security that no-one should trust them."
"Santander has relinquished control of parts of its "secure" site voluntarily to some shady looking characters. Regardless of whether or not there was a breach, it is not safe to do business with a company set up like this."
So what do you think? Is Santander and Natwest doing something they shouldn't?
And who is this anonymous 3rd party anyway?