Software application development
This blog is intended to provoke discussion and exchange between like minded software application developers, engineers, architects, project managers - and keen hobbyists too.
Thursday 30 October 2008, 7:20 PM
Mobile banking: ease-of-use is more important than trust, really?
Let me explain, the company’s proposition was that if I am using a mobile banking service then there is an implicit level of trust that I must have in my bank in the first place - and that the functionality and usability of the application will be the deciding factor in terms of whether I use it or not.
That’s great, they have some cool authentication tools that produce one-time passwords and they do have a lot of customers. The problem is that I am already sceptical about the robustness of my own bank’s online service and its ability to keep my money safe. God knows they manage to spell my name wrong enough of the time; there are errors and loopholes in their systems for sure.
Even if Vasco’s authentication systems work well which I’m sure they do, how about the fact that ease-of-use isn’t just about how easy their technology is to use; it’s also about the total experience and mobile screens from funky smartphones to BlackBerry’s to PDAs to iPhones just aren’t suited (IMHO) to this kind of application navigation.
Now, this rant has some direction – if Vasco says the biggest market today for this kind of service is South America (seems weird huh?) and the biggest market in terms of potential is India… then don’t these both fall into the developing so-called BRIC countries where low incomes dictate that the old fashioned small screen phone is surely more common than the iPhone. Checking your bank statement on one of those? Are you kidding?
Anyway onto an interesting quote… Vasco says that, “In 2008 on a typical day online there are 26 million Americans performing banking online.”
… and that further, according to Javelin Strategy and Research “In 2008, 27 million US adults will participate in mobile banking.” (that’s all year) … but in 2009, “That number will grow to 47 million.”
The driver behind this growth, so protagonists such as Vasco would have us believe, are technologies in the realm of their authentication techniques that are based around time and event-based response. After being easy to use and secure, mobile banking apps also need to make money for the bank – but presumably that comes directly as a result of ease-of-use.
Vasco’s Digipass for Mobile provides two authentication applications, first of all a response only authentication code and a second application that can either be a challenge/response authentication code or e-signature.
Ultimately, I think that scepticism aside, mobile banking will of course become as much of a reality as ATMs or secure online payments. I still think it may be more of a wider trust factor that governs the way we start to use these technologies though. As much as I might worry about desk based online banking, I console myself with the fact that surely my bank is insured for attacks upon its accounts.
Maybe I’m just a worrier – or maybe I’m just kidding myself.
PreviousComments on this post
Could be the start of a vicious circle there Adrian! 26 soon to be 47 million people glued to their banks web pages looking for any unusual transactions thus increasing the chance of interception.
According to micromart, the types of encryption being used for wireless systems are terribly insecure. A casual hacker could rip wireless traffic out of the air and decrypt a WEP in less than 5 minutes.
There are people out there who believe hiding the service set identifier makes them invisible as an option out there in the ether (laptops use this to look for available networks) but it doesn't, and once this is cracked the WI FI signal won't even be encrypted.
On top of all this WI FI protected access is also being cracked by brute force methods. As for WPA2 I can't comment on this just now.
Yes I worry about the whole wireless+ banking situation as well. It seems anything can be cracked, and from where I'm standing ever more complex and clever encryption will be constantly matched by ever more powerful and faster hardware. All the better to decode you with!!
Excellent point Roger - yes! It is a vicious circle, more time online, more chance of a hack. I buy that argument totally.
I don't know, these vendors are pushing this stuff out and they're all super confident about it. I did ask if they ate their own dog food and used the services themselves and of course I got a 'yes'...
They reckon that even if the passwords (that are one time generated) are intercepted, that they will mean nothing to the hackers that might get hold of them because they will be event based and out of context... but well...
So get this - there were two other journos in the room, both more "financial tech" qualified than me to be honest - and they seemed to go for it, well - more than me I would say.
We all know that the men in black can read every email that bounces around the Kremlin... so what comes next I can't possibly guess.
I think the situation may be comparable to crossing the road, usually it's ok but there will always be casualties. Did you know that banks had a habit of working out the costs of combating banking fraud and then invest the money on other projects instead such as buying up property!
GCHQ in Cheltenham comes next Adrian. Its going to be very complex and tricky though, and you can bet that the people with the best tenders and marketing techniques will not have the best IT knowhow behind them.
