
It's not an altogether unreasonable approach to security. It doesn't sit particularly well with geeks, but for complex systems with a high risk of fraud there's a great deal of damage-limitation to be found in only processing transactions when they can be manually monitored. Heuristic intrusion detection is still relatively poor.

For a government-to-business service, the overwhelming majority of legitimate transactions will occur during office hours and few people will be significantly inconvenienced by closing overnight. The risk of an attacker gaining even a few hours of brute-force insight is great, but the rewards from operating 24/7 slight.

While I'd like to be able to do my Companies House filings at 4am, I'm more keen to see my data protected.



Right. It'd be nice if everything was 24/7, but we have all manner of systems here in Japan that are only open during certain business hours, and for that matter in the US, too.

The online interface to the Delaware Division of Corporations, for example, only processes certain filings during business hours.

Computer software can be pretty good at flagging activity that falls outside certain parameters, but it still isn't generally good at figuring out what to do about that.


You can't pay a car's excise tax in Massachusetts after 11pm. I can't think of a valid reason for that.


Maybe they process batch transactions overnight. Maybe they want to reserve a nightly maintenance window.

Or maybe it's an instance of the "12:01" effect where they're scared to do anything too close to midnight. :-)


The "12:01" effect is likely part of it[0], but it could also be a daylight saving time thing where they don't want to bother supporting it.

[0] In Boston proper, our street sweeping signs now say "12:01-2:00" or "2:01-4:00".


Street cleaning. So glad I don't have to worry about getting towed anymore.


Can you explain the 12:01 effect? I've never come across that term before.


I just made it up, but others have probably noticed it. Insurance contracts (in the US) seem to always start at "12:01 on January 1". For some reason, our legal system can't get its collective head around the idea of "midnight" being the dividing line between two days and belonging to neither. I've heard there was actually a Supreme Court ruling that a street sign which read "12:00" was ambiguous. One of those things someone told me that I'm not sure whether to believe. "12:01" isn't any less ambiguous than "12:00" in that respect, yet it still seems to be used for some reason.


Most of the time it's 12:01, because nobody is sure whether midnight is actually 12:00 a.m. or 12:00 p.m. To avoid confusion or fishy interpretations they choose the one-minute delay, because that way it's clear which time was actually meant.


Why doesn't the USA let a Standards Institution define a standard whether midnight is 12:00 a.m. or 12:00 p.m. to solve this problem permanently?


Midnight is obviously 12:00am, but people don't know which day it belongs to. Is midnight the start of the day? Or the end of the day? Tuesday 12:00am could be 2 different times (spaced 24 hours apart) depending on your interpretation. If you say 12:01am, there is no ambiguity.

A lot of people in high school probably ignored their math teacher when he explained open/closed intervals.


Being a German, I can hardly imagine security being the reason - I rather think it's bureaucracy and/or a complete misunderstanding of how computers work.

Public services either close much earlier, or are 24/7.


Oh, I very much doubt that. If anything, I'd wager it's a purely technical/process decision. I bet there's some ancient mainframe deep behind that API that runs batch jobs and reports overnight.


The online course registration system at my school was like this. Web frontend that recorded transactions and dumped them to the mainframe at night.


The whole student management system at my uni (which was implemented at the start of this year) is like this too, down between 2am and 4am to 'synchronise the timetabling system'. I think it's to do with the massive Oracle backend, but I don't really understand the need.


Oh, yours was only down for two hours? Ours was only available from 8am to 8pm. Not the greatest option for a night owl like myself.


I doubt that, and there is also an EU interface to VAT ID confirmation that is 24/7.


My guess would be that they run backups overnight.


Perhaps a bit OT: Most/all home/"small office" router firmware lets you designate hours of operation. This can be used as another means of limiting the risk of an undesired connection.

Now that I consider this again, I was thinking of the wireless signal. I'll have to check whether the functionality also applies to the wired connections.


I don't think it's a security issue. VAT numbers are public (like registration numbers for companies), it's just that every country keeps its own registry, and this is a tool to verify that a VAT number is valid.



