Is cell-phone banking safe?
Like the idea of using your phone to check your balance, pay a bill or even replace a debit or credit card? Banks do, too.
Something weird happened when I asked banks and other promoters of mobile banking about how secure it really is to use your cell phone to check balances, transfer funds, pay bills and perform other financial transactions.
Without exception, they mentioned how quickly people tend to notice a missing cell phone -- some said 18 minutes, some said 38 minutes. That, they said, narrowed the window in which an evildoer could access a mobile-enabled account.
I don't know about you, but it always makes me a bit nervous when the linchpin of a bank's security system is, well, me.
At this point, of course, there's not much a bad guy could do with my mobile-bank connection. As the banks like to say, he'd see about the same amount of information he'd get from picking up an ATM receipt.
He might see the balances in my checking and savings accounts; perhaps he maliciously could move money from one to the other or pay a bill for me. My bank account numbers aren't visible and I don't keep my user ID or password stored on the phone.
But mobile banking won't stay simple for long, and I'm not the only one who's disturbed by the banks' "don't worry your little head" attitude about mobile-banking security.
"There are too many people saying there's not a problem," said Bob Egan, chief analyst for research firm Tower Group and a man with 30 years' experience in information technology. "It's exactly the same thing I heard about e-commerce on the Web" when that was in its nascent stages.
Banks are going cellular, fast
To catch you up: After years of talking about the possibilities of using cell phones for banking, it's finally taking off.
Six of the 10 largest U.S. banks have introduced some kind of mobile-banking technology, according to information technology research firm Celent. By summer 2008, all the big banks are expected to have a mobile-banking option.
| Bank | Mobile technology | Launch date |
|---|---|---|
|
Bank of America |
Mobile browser |
March 2007 |
|
Citibank |
Downloadable application |
April 2007 |
|
Chase |
Text messaging |
Sept. 2007 |
|
SunTrust |
Preloaded application |
Winter 2007 |
|
Wachovia |
Mobile browser |
June 2005 |
|
Preloaded application |
Winter 2007 |
|
|
Wells Fargo |
Mobile browser |
July 2007 |
|
Text messaging |
In pilot phase |
|
|
Source: Celent |
Mobile banking is still in its toddler stage, of course. Only 3% of the 45 million or so households that currently use online banking have tried mobile banking, but Celent expects that to grow to 30% by 2010.
Consumers already seem interested in the possibilities. When Javelin Strategy & Research asked people what banking functions they might like to perform with a cell phone, 71% of respondents said checking balances, 41% said monitoring recent transactions and 25% said paying bills.
"I like being able to check my balance [in a store checkout line] before I use my debit card," said Celent banking senior analyst Red Gillen, who, like me, accesses his bank account using his Treo.
Such anywhere, anytime access can cut down on the possibility of a bounced-transaction fee by giving customers the options of forgoing purchases or quickly transferring money into their checking accounts.
Banks can deliver mobile banking in three basic ways:
- Through a phone's Web browser. Nearly all cell phones sold these days come with a browser, and the browser's WAP 2.0 security is pretty good, Egan said. But unless you have a phone with a keyboard, mobile banking is a bit cumbersome. Also, data charges on a cell phone can add up fast. If you don't already have one, you'll need to buy a data plan, which typically adds $30 or more to your monthly bill.
- Through a bank-specific application. This is something that's either already part of the phone you buy (preloaded) or that you get from your bank's Web site (downloadable). Again, you'll need a data plan. The download process can be difficult for a novice to navigate, although once enabled, accessing your bank is easier and faster than with a browser-based version.
- Via text messaging. Even old phones without browsers can send and receive texts, so this widens the potential banking audience considerably. But text messages typically aren't encrypted, and the functions you can perform are limited. Instead of one session, you might have a lot of back-and-forth texting to get the information you need.
In banking circles, preloaded or downloadable applications are considered the "sexiest" technology, Celent's Gillen said, with a better user interface and more possibilities for future expansion of banking services (I'll talk about that in a bit). But most banks, he said, will eventually employ a combination of all three technologies.
digg it
del.icio.us
