Security takes priority as firms compete to offer mobile banking
PP Post, TUESDAY, 08 JUNE 2010 15:00 JEREMY MULLINS
Two competitors – ANZ’s WING and ACLEDA’s forthcoming Unity – take different approaches to securing customers’ mobile transactions.
INFORMATION security is essential to facilitating mobile banking, and rests heavily on individuals’ securing their PIN numbers, according to Cambodian industry leader WING’s head of operations.
“The level of trust our customers have in our bank-level security is very important to us,” Michael Joyce wrote in an email. WING is owned by ANZ Bank and says it has signed up more than 150,000 customers.
The firm has experienced a small handful of cases of theft or fraud, he said. “In most cases [of theft], the customers have told their PINs to a friend or relative, and it’s been someone they know who has cheated them.”
WING requires its users to input their individual PIN numbers to complete each transaction, he said.
When a theft occurs, the firm examines transaction logs to investigate cases, Joyce said. “We usually find the culprit and return the customer’s money.”
Phnom Penh-based information-security consultant Bernard Alphonso said WING’s security system looked reasonably safe and broad after reviewing security measures the firm provided to the Post.
“The only weakness, as WING acknowledges itself, is linked to the lack of authentication.
This problem could be combated by users’ taking ownership of security measures, Alphonso added.
“All users should memorise their PINs, avoid writing them on a piece of paper that they carry with them, and make sure nobody is reading over their shoulder when they type in their secret PIN code.”
Security for users of ACLEDA’s Unity mobile banking service, to be launched by next month, also rests on keeping PINs secure, Senior Vice President Sok Sophea said.
“If customers lose their phone, their mobile banking is still secure because people cannot get access without a PIN.”
The services offered by WING and Unity both offer money transfers to the Kingdom’s users, but operate with different restrictions.
ACLEDA’s Unity service will be open to users on any mobile-service provider, but require a more advanced phone to access the full range of banking services, Sok Sophea said.
A fund transfer using Unity’s web browser or application-based service travels via the internet, connected to core banking by New Zealand banking software provider Mobile Commerce Ltd, he said.
Sok Sophea said four levels of security protect Unity transactions: a firewall securing the database from outsiders, Secure Socket Layer internet data security, authenticating each transaction through customer information files, and PIN numbers.
Meanwhile, WING’s transactions are restricted to users operating on four mobile providers, but can be accomplished with nearly any quality of phone, Michael Joyce said. He added that each transaction, similar to sending SMS messages, is fully encrypted.
“We use a technology called USSD2, which is built into almost all GSM phones, even older models. It doesn’t store any information on the phone handset, so it’s safe for users even if they use someone else’s phone.”