In order to improve security, ABSA recently deployed an SMS alert to their Internet Subscribers whenever the subscriber logs into the Internet Banking site. This means that a subscriber gets a SMS as soon as a successful login has been done.
An interesting side-effect of this deployment is that subscribers to their mobile banking service now gets multiple SMS's confirming that the user has logged on whenever a transaction is done on the mobile phone. This leads me to the following conclusions:
- The ABSA cellphone banking application sits on top of the Internet banking application and requires a login for every transaction
- The benefit of dual channel confirmation for an Internet login with mobile confirmation, turns into an irritation when the same confirmation is utilised for mobile banking
- Security techniques for the Internet (especially when utilising the phone) is not directly applicable on mobile banking
- It is a risky architectural design to bolt mobile banking onto an existing Internet banking application
No comments:
Post a Comment