Slashdot Mirror
Bank on Your Cell Phone
AnonGirl writes "Big banks are launching mobile banks to 'keep customers and generate more payment revenue down the line.' Citibank is working on two pilots: one with Obopay, and the other for contact-less payments. AT&T phones will have Wachovia already installed in their phones by fourth quarter 2007. The downside: 'Even though banks are not charging for their service, carriers do charge for accessing data through their phone.'"
AT&T phones will have Wachovia already installed in their phones by fourth quarter 2007.
I guess the "ph" in iPhone will get a strange emphasis with people's accounts "mysteriously drained" for some reason.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
My phone is not an ATM, why are they trying to make it like one? Sure, I can transfer balances on a whim to different accounts, but who really needs to do this on a regular (i.e. more than once a month) basis? And for those transfers like credit card payments, i'm sure you sit down in front of your computer at least ONCE a month.
It hasn't been that long since Paris Hilton's cell got hacked and everyone got to see what she kept on her phone; maybe AT&T has better security on this stuff - but I'd bet not.
I don't think this is going to turn out well...
I live in Europe and I've had my bank in my mobile phone for several years now (can't actually even remember how long). Making payments, checking balances, getting information. I also use my mobile to get the security confirmation code when using the online internet banking.
True, the mobile does not have all the functions of internet banking, but it is good enough to transfer money to your friend who just paid the bill in a pub when you forgot your money at home. You just need to make sure you punch in the right number of zeros, in case you had more glasses to drink.
Suppose I am on assignment in Vietnam. Does this mean that my phone will be inviting me to increase my dong, and that these will actually be legitimate investment opportunities rather than something sleazier?
I've had banking on my phone for ages. Not just the mobile, but home phone, pay phone, any phone. And with the rates my carrier charges, it's actually cheaper using the voice service than the net.
I don't therefore I'm not.
All the iPhone plans come with unlimited data. Next, please.
Username taken, please choose another one.
The Danish bank http://www.jyskenetbank.dk/ easily works with Mobile Phones, and has done so for some time, at least a year, and probably for several years. Their official list of supported operating systems include Macintosh, Linux and Windows 3.1, and the homebanking system features all the usual stuff.
I can even use my mobile phone to design a new picture for the front side of my next Visa card, in case I don't like any of the standard visa credit card looks, that the bank provides.
And why does it work? They use standards-compliant HTML code, an OS independent authentication system and use few bytes per page view.
than banking on the net ? Whats the diff between a GPRS enabled phone and this ?
I live in Argentina, and I've had this for a long time already. There are 2 ATM networks here. Link and Banelco. Link is usually used by government-owned banks, and Banelco for private banks. Banelco is years ahead of links in a lot of features, including mobile banking: a Java app where I can check account status, movements, balance, make transfers, pay bills, whatever. Citibank Argentina uses Banelco so yes, if I were a Citibank customer I'd have this feature too (but I am a customer of Standard Bank, formerly --2 months ago-- BankBoston. It was the last BankBoston in existence -- Fleet or Bank of America didn't rename it, so 2007 was the last time the brand "Boston" was used. Not a nice way of ending a bank that operated in my country (1790) since it was even a country (only in 1816 we had independence from Spain). Also Standard is so boring with their white-on-blue logo :)
Oh, yes, Standard, like Boston (and HSBC, Citi, BBVA, Santander,...), uses Banelco. So I do have this feature (and a Visa debit card). And I use it quite often.
Another reason for someone to steal my phone? :S
Lose alot more than phone numbers and a few long distance calls though...
Sweet, now I can see how little money I have no matter where I am!
brian botkiller "Condensing fact from the vapor of nuance" - Neal Stephenson, Snow Crash
The largest bank, OTP, in Hungary provides mobile banking for a few years. The internet banking is also quite secure. If you want to enter into your account you will receive an SMS on your mobile phone with a password. This password is valid for 5 minutes. So, it's not enough for an attacker to obtain your ID and password (eg. via phising) he has to get your mobile phone, too.
Government cannot make man richer, but it can make him poorer. - Ludwig von Mises
This has been in South Africa (a 'third world country') for a few years already, were the banks here are effectively run as organized crime cartels.
i for one look forward to someone stealing my bank login or account info from my phone when i forget to turn off bluetooth and/or my wifi connection.
"all i wanted was a pepsi..."
In Estonia we have been able to do this for forever. I can check my balance and transfer money to a friends account via a text message. We can even get an instant loan of up to 3000eek (roughly $300) by sending a text message and within 5 minutes the money is in our account and on my bank card which I use to buy everything, with a smaller interest rate than most USA credit cards.
So when this became commonplace in Japan, it wasn't news.
And then when it became commonplace in Korea and Singapore, it still wasn't news.
And then when it became commonplace in Europe, it still wasn't news.
And then when it became common in Latin America (at least cities I've been to), it still wasn't news.
But now... the USA is catching up! And that's *news* folks!
And quite rightly. There weren't any barriers to the adoption of techs like this in asia etc., whereas in the US there has been a powerful, entrenched telecoms industry with no impetus to compete or change. If that barrier is becoming less effective then that could have important implications.
The question is, is it just 'technological osmosis', or is there an actual change in the balance of power...
Disclaimer: I don't even have a mobile (that works), so it's possible the barrier to progress is actually me.
Whence? Hence. Whither? Thither.
I've been using cellphone banking with CIBC in Canada for years now. It's very handy, and surprisingly easy to navigate. I'm rather amazed that this is only now coming to the US.
Be relentless!
Mosaic software's Postilion could do this in 2001. Mosaic is a South African firm that has a number of clients world wide. They also have customers in the US, so the chance that this was available earlier is quite possible.
!
Here in South Africa our major banks have had this for years already...
this has been old news all over world for years!
MWUAAAAHAAAAHAAAAAHAHAHAHAHAAH
back in the day (1998), I designed a mobile banking product for the palm pilot for the consultancy I worked for - the idea was that you could sync the palm pilot using IR through the front windows of the high street bank securly. needless to say, it never sold. for those that developed palm apps; it uses the palm prc identifier "BANK" !!!
The bank I'm working at now is going down the mobile banking route. Here in the UK the operator of one of the largest cash machine (ATM) networks LINK is producing a national white labelled system so that all banks can buy into it at low risk. One of the problems with this is that with some 2 factor authentication schemes using the mobile phone will end up losing "a factor" and will have to use other 2 factor schemes such as one time passcode schemes or the APACS CAP EMV Cards with a card reader.
The problem with the mobile devices is their security of static data - as much blogged by mikko at f-secure
rd
First mobile payment system was developed already over decade earlier in Finland. In beginning of 90's there were tests and small trials with smart cards and mobile phones. Most got out from using a smart card for micropayments, but it wasn't usable in many places and it didn't catch fire. Japanese kind of a recycled the idea of smartcards adding RFIDs to mobiles few years back.
'Internet banking' thru mobile browser has been there since Nokia 7110 introduction thru WAP in 1999. And before that via SMS.
US is stone age of mobile technology because US carrier monopolies and Motorola.
The cell phone companies have a huge untapped market for customers that's completely inaccessible because of the massively high price of data plans.
Once a provider starts offering a plan that either gives me a reasonable amount of data bundled in with my calling plan, or allows me to trade my talking minutes for the equivalent amount of data (I'd imagine that their costs would work out to be the same, given that everything's digital and is most likely routed alongside IP traffic).
The problem is that cell providers in the US have an awful habit of nickel-and-diming their customers out of every little fee they can find. There's *NO* reason why a teeny-tiny text message should cost the same as a minute of talk time.
Some day, one of the companies is going to realize this, and within two years (because of the stupid abusive-contracts-that-really-should-be-illegal) they'll have captured a huge share of the market. The service industries in America really need to learn to treat their customers like humans.
-- If you try to fail and succeed, which have you done? - Uli's moose
Wachovia? Watch over you? Is that seriously the name of the product?
I had to check that it wasn't April 1st when I read this...
Is this meant to be tongue-in-cheek by AT&T or has that stupid 'big brother' reality show succeeded in draining our paranoia about being watched and followed?
As if the prisons weren't full of people to whom "You may go to jail" seemed "an acceptable risk" at the time when they did what sent them there. Menacing to throw people in jail has never been an actual deterrent against thieves. It only avoids that the problem escalates onto a massive scale with absolutely everyone including your aunt is doing it.
The only reason that people still use stuff as insecure as Credit cards, is that Banks put efforts to try to give some security to people.
- Whenever some transaction is done with my card that doesn't fit with my usual buying pattern, the bank will immediately call me to check with me if it was I who did the transaction or if my card or number was stolen.
- More and more credit cards are produced with chips in them, which require a code to be typed and can't simply be copied by writing down numbers. Conversely, more and more shops only accept chiped card and not magnetic stripes.
But yes, I'm living in Switzerland, so maybe they are a little bit more serious in terms of banking security over here.
It would be. In the mag-stripe theft you describe, you need to have physical access to both sides of the card (to get relevant information) and then use it in a shop (webshop) than only ask for numbers.
If the payment token is a phone, in addition to actually stealing the phone, thieves suddenly get a whole new range of opportunity that don't require the phone to leave the pocket at all : hacking over bluetooth or wifi or whichever protocol the contactless payment uses (RFID ?), droping a virus or some other trojan through MMS or other downloading service, hijacking the signal during a transaction to drop in your own additions, etc.
For a banking transaction to be secure, there must at least some kind of conscious confirmation from both parties (each one validating the transaction on its device), which would require that each party takes their contactless device out of their pocket, and push a few buttons. Which defies the purpose of contactless payment token (their only advantage is that they can stay in the purse or wherever they are).
Also, the device must be strictly minimalist in design and only do what it is supposed to do (payment) with no other additional functions (no wifi, nor bluetooth, nor downloadable plugins, etc.) which pretty much excludes smart phones from the equation.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
A Norwegian bank called sparebanken-hedmark (www.sparebanken-hedmark.no) has done this for about a year. They were also one of the first Norwegian banks who started with online banking. Thats actually quite funny since they are a regional bank in a region perceived as slow when it comes to development. I also see that there has been some comments on security, and the Norwegian bank is working closely with a Norwegian college and their programme of master study to ensure the security. Good to see that the big banks are following in an inevitable trend.
There is a service in the UK called Monilink http://www.monilink.co.uk/ which seems to work very well, and it pretty mature technology wise. Would be better to have a standard system shared by the banks like this is than a separate system for every bank.
This sig is encrypted
In 2003 We developed a full banking app for cells.
Here's the flash manual:
http://www.epp.si/navodila/eppmobile/navodilaP800
And the docs on the bank:
http://www.nkbm.si/downloadfile.aspx?fileid=885/
I guess it was before time... so commercially it never broke ground really anywhere.
Now we have Wireless PKI (full X509 signing via cell phone wihtout extra software installed)... seems the same is happening again...
With this sort of thing and the iPhone it's almost like North America has finally caught up to where the rest of the world was in about 2002/2003 in terms of mobile phone technology. They're getting there at least ;)
If anyone was waiting for a motive to produce more nastyware for cellphones, here it is.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Mobile services in the United States are 10 years behind rest of the world.
As it has been pointed out about, mobile (as in cellphone) banking services have been around in the good old RSA (that's South Africa) for years.
This reminds me of an article I read a few days ago, in a Zimbabwe (government run) newspaper that was talking about the roll out of WiFi hotspots, as if it was a world first.
Sad, actually.
I recently bought a Nokia N95 and Bank of America was advertising banking via mobile. Well, rather than supporting the platform and browser, they also support only specific phone models. Since I doubt the US market will embrace the N95 anytime soon, I am excluded from being able to use mobile banking. It almost has a feeling that they are in collusion with "supported" phone models from US mobile carriers.
The sim chip in your phone is practically a TPM module.
There's good crypto capabilities, secure memory, secure PIN storage and enough horsepower to do EMV transactions with all the bells and whistles. That the address book is stored in unsecure memory is no one's fault in particular.
Like most services that have come before it, the network providers in the U.S. will be overcharging and adding one more burden onto our increasingly inefficient banking infrastructure.
It's important to note, a Paypass style payment is completely different than using the phone as the equivalent of an EMV style payment card.
For those Americans that don't know what EMV is, they need to realize american banks place a very low priority on fraud and other security issues because we, the consumers, assume all the costs of fraud. EMV is a very good security standard that probably won't be implemented in the U.S. in my lifetime.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
It seems to me that iPhone will be able to work for online banking for any bank. There is a lot that is compelling about a phone with a real browser.
The term "mobile bank" reminds me of going through southern Missouri and seeing a couple banks that were actually just mobile home trailers, instead of real buildings. I always thought it would be easy to rob those banks -- just hook them up to your trailer hitch and take them home. Then you've got plenty of time at the comfort of your own home to break into the safe.
Software sucks. Open Source sucks less.
I've been using telephone banking since 1992. And it wasn't new then. It worked with any phone, land-line or mobile. Granted, security was laughable, and the user interface was poor, but it certainly got the job done. It was based on this technology called "DTMF"...
I use Bank of America. And while it's great to be able to use these features from my phone, they might want to re-design their interface. Here are the steps you need to follow each time you want to check your latest checking transactions:
... you're logged in already, they could just show you your account numbers and let you choose one now.)
1. Click your bookmark to BofA.
2. Click the sign-in link on their "mobile page." (C'mon, how many people are going to this mobile interface and not signing on?
3. Fill in your user id only, no password yet, and click the "Sign In" button.
4. Verify your sitekey picture is correct, enter your passcode, and click "Sign In." Seriously, SiteKey is a 'decent' security mechanism for normal web browsing, but shouldn't I be able to bypass this if I am absolutely positive I entered the right URL?
5. This is my favorite... a page comes up with the Bank of America logo on it, and a button that says "Enter." You do nothing else on this page but click Enter. What on earth is the point of this page? Are they getting paid per click?
6. A 4 item list appears, with Accounts, Bill Pay, Transfer Funds, etc. Click on Accounts. (Mind you
7. Now you see a list of your accounts, click one to open it.
8. Oops, still no transactions appear. You now need to click whether you want to view Pending or Cleared transactions!!!
And it's as easy as that. Simply travel through 8 pages on your slow ass mobile phone (and fill in various passcodes along the way) to view your latest transactions. Every time. And yes, I've tried bookmarking various pages, but if your session times out you're starting over no matter what.
Ironically, the word ironically is often used incorrectly.
If my phone were an open platform (Linux + OSS apps) that had a "wallet" unifying all my financial accounts, but segregated from each other from their point of view over the network, I would trust it. I'd love a wallet that kept my cash, credit and portfolio available from which to pay vendors, if it kept a DB of all my transactions on the phone, backed up at my own server, and secured. Especially if it automatically set one-time passwords on each transaction, with a fairly rapid expiration for completion.
I'd like every payment to appear on my phone (auditable as OSS without vendor/network lockin) as an "OK/Cancel/Revise" invoice dialog. I just want to make sure it's my phone, and not the bank's, or Apple's, or worst of all AT&T's phone that they just let me use as long as I don't complain too much about getting exploited or privacy invaded.
--
make install -not war
Wouldn't "Wachovia" be ebonics for "Watch over you" ... as in "AT&T is going to Wachovia" ... didn't they get in trouble for that last year? Is this a "W" inspired technology?
Make America grate again!
It's just another long-standing technology being talked up as the big players get in on the action. I have Etrade Bank as one of my banks. I could do essentially all of the normal transactions on my handset (i.e. transfers, bill pay, trades, cut and mail checks, etc.) back in 2000. This was through Spint PCS, using their Vision internet service, on a web enabled handset (NOT a smart phone). This was back in the days when the handset displays were monochrome and essentially graphic-free. One small wonder was that despite the crude interface (at the time), the handset supported 128 bit SSL and sent/received the data using it when accessing secure sites (A letter "P" would be displayed on the top, next to the other handset icons).
Really, this isn't anything new. It's just being passed as news as the big banks now realize that enough of their market base is technologically adept and accepting of having this kind of banking access available that it is advantageous for them to offer it.
As for the security, it's essentially as secure as doing banking online and arguably more secure than using a public WiFi connection. Its biggest security weakness, like everything else, is the human operator.
was this on digg? couldn't find it