Personal Finance >
Banking Basics
RSS FeedIs banking by cell phone safe?
Results so far:
Votes are still being tallied.
Join the Debate now.
Yes
Write now
Print
Invite a writer™
Add to FavoritesCell phone banking, more commonly known as mobile phone banking, is the latest self service channel that banks have opened up to their customers. Its biggest appeal is convenience. As with Internet banking, you can access your accounts info at any time of day, but it offers the additional convenience of being able to access your accounts from anywhere. (Okay, I suppose you can access Internet banking from anywhere if you happen to carry a laptop about with you, but a phone's something we always have on us whereas a laptop's not!)
Alongside convenience, however, another factor that people have to weigh up is security. Is the service secure? What happens if I lose my phone? The scare stories that surround Internet banking have also added to the prominence that people place on security these days.
So, let's look at a typical security model for mobile phone banking. The first thing to say is that the logon process will require the user to enter a passcode or password (or a combination of these), in the same way as you already do if you use Internet banking. You can increase the security surrounding your passcode details by not writing them down anywhere (and not saving them on your phone!) and by choosing a passcode or password that is not easy to guess. i.e. Don't choose your year of birth, or your pet's name.
The next important thing to point out is that no banking data is stored on your phone, so if you lost your mobile handset, a fraudster would not be able to retrieve any banking details from your phone. Instead, you just download an applet onto your phone and all the data is stored on servers rather than the phone.
Additionally, only a registered handset that is linked to the account can be used to access the account information. What that means is that it is only possible to access the service from your specific mobile phone using your specific passcode. This is quite an important point, as I'll illustrate by making a comparison with Internet banking.
With Internet banking, account information can be accessed by putting specific logon credentials into any computer that has Internet access. So, if a fraudster gains hold of your security details, then they stand a good chance of compromising your accounts. However, for mobile phone banking, they would require not only to have your security details but also to have got hold of your phone.
Banks have been strengthening the security of Internet banking by rolling out something called Two-Factor Authentication (2FA). The basis of 2FA is that you should only be allowed to conduct certain online transactions (e.g. 3rd party payments) if you go through an extra security loop. Typically, this is being facilitated by issuing Internet banking customers with card reader devices. When the customer goes to do an Internet transaction, a one-time secure passcode is sent to their card reader device. The customer puts their debit/cash card into the card reader and retrieves the code, which they then enter into a screen within online banking to authorise the transaction.
The basis of 2FA, as an added protection mechanism, is that you have to use a combination of something you know (your passwords) and something you have (your card) in order to do the transaction. If you think about the mobile phone banking set-up, it automatically falls into this model i.e. you have to enter a passcode (something you know) into your mobile handset (something you have).
I don't doubt that organised crime gangs will look at mobile phone banking and will try to find ways to exploit it. Internet banking has been affected in recent times by phishing attacks, where fraudsters send you an e-mail asking you to divulge your internet banking logon details. Where customers have been tricked into giving away their details, the fraudsters have been able to steal money, though for the most part banks have so far refunded any customers who have been affected. Mobile phone banking could also be subject to phishing attacks, so if you receive a text asking you to divulge your passcode details, then press the delete button! However, even if the fraudster does trick you into giving them your security details, they would also need to steal your phone before they could do anything, so it's a fairly low risk, especially as many of the phishing gangs are based in far-flung countries.
Banks also conduct comprehensive penetration testing (conducted by independent technology experts) to make sure that their mobile phone banking (and Internet banking) services remain secure. (Note: The problems that have been experienced for Internet banking, through Phishing attacks, highlight that fraudsters rely on people giving away their security details. Fraudsters have not been able to hack their way into the banks' secure services).
A final point to mention is what happens if I lose my mobile phone? The first thing you would do in such an instance is to phone your mobile operator to advise them that your phone has been stolen. They would then deactivate your phone number. Once that phone number's been deactivated, you won't be able to access mobile phone banking, even if you enter the correct security details. To reactivate mobile phone banking, you'd need to re-register for the service. For added peace of mind, you could also phone the bank's helpdesk and they would be able to put a stop on the service.
Learn more about this author, Simon Wright.
Click here to send Author comments or questions.
No
With the current trend of phone tapping, snarfing and other identity theft or intrusion methods, one would have to believe no.
Some may argue that blue-tooth would be a good defense against this due to its supposed anti hacking software. Keep in mind, as technology advances so do techniques of criminals.
One quick scan of your phone and one has all they need to duplicate it. They will receive what you receive and see what you send. This can also occur with intercepting transmissions due to information being shared by 'waves'; just stick an adjustable receiver in the way.
The geek-guerrilla method of snarfing is to modify one such receiver into a type of gun where they just point and click. Depending on what information you keep on your cell phone they may get away with nothing, or they just might have your pin number because of your history information. If there are restaurants employing devices to cancel cell phone transmissions inside, then how easy would it be to just receive all that information?
The argument for the same thing happening upon hard lines may be true, but access to phone lines and tapping into such will draw too much attention. Keep in mind that if they do attempt to tap into the hard line, they may expose themselves to certain government officials doing the same thing.
Now, should we all stop doing business on-line or cell phones due to what hackers can do? Certainly not, but rather keep up to date on technological advances.
The true crime lies in ignorance of the world around us and believing that everything we do is safe from harm. There are criminals everywhere and when you give them easier access to your cell phone, your little everything, then you might as well just pay them directly.
Learn more about this author, Dave Real.
Click here to send Author comments or questions.
Difference of opinion? Debate now.
