Bank on Your Cell Phone

AnonGirl writes "Big banks are launching mobile banks to 'keep customers and generate more payment revenue down the line.' Citibank is working on two pilots: one with Obopay, and the other for contact-less payments. AT&T phones will have Wachovia already installed in their phones by fourth quarter 2007. The downside: 'Even though banks are not charging for their service, carriers do charge for accessing data through their phone.'"

I wonder...

[Whuffo]

Did any of these banks actually do any analysis of the security of cell phone data?

It hasn't been that long since Paris Hilton's cell got hacked and everyone got to see what she kept on her phone; maybe AT&T has better security on this stuff - but I'd bet not.

I don't think this is going to turn out well...

Re:I wonder...

[jorghis]

Well most stuff in the real world has pretty poor security. The thing that stops thieves is that whole "youll go to jail if you do this" thing. I mean how easy is it for a waiter to copy down your credit card number when he goes back to run it? Or take a quick cell phone picture when the guy in front of you in line hands the clerk his credit card. And yet somehow people still use their credit cards. I suspect that it is because we have this cool thing called law enforcement in this country that deters people from committing crimes. It wont be any easier to steal your info now than it was then.

If anything I would trust this more because it actually has the potential (if implemented well) to be far more secure than a number printed on the front of the card for the world to see. Even if they are broadcasting data unencrypted it will still be more secure than regular credit card use because the difficulty of electronic eavesdropping is much higher than the difficulty of reading a number on a card.

Is this new?

[janek78]

I live in Europe and I've had my bank in my mobile phone for several years now (can't actually even remember how long). Making payments, checking balances, getting information. I also use my mobile to get the security confirmation code when using the online internet banking.

True, the mobile does not have all the functions of internet banking, but it is good enough to transfer money to your friend who just paid the bill in a pub when you forgot your money at home. You just need to make sure you punch in the right number of zeros, in case you had more glasses to drink.

Re:Is this new?

USA is a backwater for mobile technologies...

My bank has worked with my mobile for a long time

[dybdahl]

The Danish bank http://www.jyskenetbank.dk/ easily works with Mobile Phones, and has done so for some time, at least a year, and probably for several years. Their official list of supported operating systems include Macintosh, Linux and Windows 3.1, and the homebanking system features all the usual stuff.

I can even use my mobile phone to design a new picture for the front side of my next Visa card, in case I don't like any of the standard visa credit card looks, that the bank provides.

And why does it work? They use standards-compliant HTML code, an OS independent authentication system and use few bytes per page view.

The march of history

[kahei]

So when this became commonplace in Japan, it wasn't news.
And then when it became commonplace in Korea and Singapore, it still wasn't news.
And then when it became commonplace in Europe, it still wasn't news.
And then when it became common in Latin America (at least cities I've been to), it still wasn't news.
But now... the USA is catching up! And that's *news* folks!

And quite rightly. There weren't any barriers to the adoption of techs like this in asia etc., whereas in the US there has been a powerful, entrenched telecoms industry with no impetus to compete or change. If that barrier is becoming less effective then that could have important implications.

The question is, is it just 'technological osmosis', or is there an actual change in the balance of power...

Disclaimer: I don't even have a mobile (that works), so it's possible the barrier to progress is actually me.

LINK in the UK

[rapiddescent]

Abbey National had a WAP mobile solution in 2000 that was simply a thin presentation veneer on their J2EE eBanking platform (that also served SKY Digital Satelite TV at the time). It was never very popular and has been switched off now - which is a pity because the guys working on this really struggled to get it the interface to work on a 12x6 char screen!

back in the day (1998), I designed a mobile banking product for the palm pilot for the consultancy I worked for - the idea was that you could sync the palm pilot using IR through the front windows of the high street bank securly. needless to say, it never sold. for those that developed palm apps; it uses the palm prc identifier "BANK" !!!

The bank I'm working at now is going down the mobile banking route. Here in the UK the operator of one of the largest cash machine (ATM) networks LINK is producing a national white labelled system so that all banks can buy into it at low risk. One of the problems with this is that with some 2 factor authentication schemes using the mobile phone will end up losing "a factor" and will have to use other 2 factor schemes such as one time passcode schemes or the APACS CAP EMV Cards with a card reader.

The problem with the mobile devices is their security of static data - as much blogged by mikko at f-secure

rd

Bring down the prices

[moosesocks]

The cell phone companies have a huge untapped market for customers that's completely inaccessible because of the massively high price of data plans.

Once a provider starts offering a plan that either gives me a reasonable amount of data bundled in with my calling plan, or allows me to trade my talking minutes for the equivalent amount of data (I'd imagine that their costs would work out to be the same, given that everything's digital and is most likely routed alongside IP traffic).

The problem is that cell providers in the US have an awful habit of nickel-and-diming their customers out of every little fee they can find. There's *NO* reason why a teeny-tiny text message should cost the same as a minute of talk time.

Some day, one of the companies is going to realize this, and within two years (because of the stupid abusive-contracts-that-really-should-be-illegal) they'll have captured a huge share of the market. The service industries in America really need to learn to treat their customers like humans.