Showing posts with label mobile phones. Show all posts

Wednesday, April 02, 2008

Mobile Banking and Usability

We have all lived through an amazing journey to see how fast mobile phones have grown in popularity. Many reasons for this massive growth have been given, ranging from communication needs to fashion awareness. One of the reasons for this growth, in my opinion, is that phones are so easy to use. I know that some people will disagree with me, but the fact is that the majority of people use phones without (ever) reverting to a manual, having to go on mobile phone usage training or requiring assistance from family or friends. (This is very different to what we have got used to in the personal computer space.)

So why is it that phones are so easy to use?

Usability design and testing has been around as a formal discipline for the best part of twenty years. Mobile phone manufacturers (all of them) take usability very seriously. Every design and every model usually goes through rigorous usability testing cycles. Results are fed back into the design, and a phone will never be released without a green light from the usability gurus. Industry advances and standards have made big leaps in this space. Techniques like the Mobile Phone Usability Questionnaire (MPUQ), the Usability Checklist for Mobile Phones and many others are utilised in the design of mobile phones.

Just a thought: how frequently have your mobile banking applications and solutions been tested (or designed) for usability? Have you contracted a supplier with a track record and capability to build mobile banking solutions that are usable?

I believe that this is the single most important reason why mobile banking applications are not being used as extensively as they could/should be. Most mobile banking applications have not been designed with due insight into and proper application of mobile usability techniques.

Tuesday, March 04, 2008

Who can see your PIN

Researchers claim to have found flaws in some famous brand PIN entry devices - certified by Apacs and Visa. These devices have loopholes that can enable fraudsters to access unencrypted PINs and account numbers.

The "tapping" techniques used to capture unsuspecting cardholders' PINs require little technical know-how: fraudsters can easily attach to the PIN entry device (PED) a "tap" that records PIN and account details as they are transmitted between the card and the PIN pad. Criminals can then use this data to create counterfeit cards that can be used to withdraw cash at ATMs in countries where Chip and PIN hasn't yet been implemented.

In another report, a British criminologist has warned that the new security card technology could actually increase, rather than solve, the problem of identity theft and fraud. The researcher said that identity cards and Chip and PIN technology for credit cards were unlikely to alleviate the problem, as fraudsters react with more creative responses, and individual vigilance and know-how, which remain the best protection against fraud and identity theft, will decrease.

The biggest exposure to fraudulent transactions, in my view, is the lack of control that a subscriber has over what can be done with his/her PIN. How is the PIN dealt with? Can it be intercepted, or is it stored anywhere along the line? Any third-party device or transmission line that the subscriber does not have control over is a possible source of attack. PIN entry devices that are not under the direct control of the subscriber are the weak point. It is possible to utilise these devices to capture a PIN fraudulently without the knowledge of the subscriber.

Techniques are available that enable a subscriber to enter their PIN on a mobile phone in a secure way that can also be certified by banks and credit card associations. The difference with this approach is that the PIN is entered on a personal device that is (usually) under the control of the subscriber, so tampering in order to capture a PIN fraudulently is much more difficult.