Wednesday, April 02, 2008

Interesting Architectural Problem

ABSA is a leading retail bank in South Africa with a good mobile banking solution deployed. They were one of the first companies that have deployed mobile banking solutions in the world and have managed to grow their subscriber based to a substantial size. The solution has been developed and is supported by and internal team and is a very advanced deployment compared to world standards.

In order to improve security, ABSA recently deployed an SMS alert to their Internet Subscribers whenever the subscriber logs into the Internet Banking site. This means that a subscriber gets a SMS as soon as a successful login has been done.

An interesting side-effect of this deployment is that subscribers to their mobile banking service now gets multiple SMS's confirming that the user has logged on whenever a transaction is done on the mobile phone. This leads me to the following conclusions:
  • The ABSA cellphone banking application sits on top of the Internet banking application and requires a login for every transaction
  • The benefit of dual channel confirmation for an Internet login with mobile confirmation, turns into an irritation when the same confirmation is utilised for mobile banking
  • Security techniques for the Internet (especially when utilising the phone) is not directly applicable on mobile banking
  • It is a risky architectural design to bolt mobile banking onto an existing Internet banking application
As always, to stimulate debate... What do you think?

No comments: