Public Administration News
Share
 |
Tanzania: Mobile Banking and its Safety |
| Source: |
The Arusha Times |
| Source Date: |
Saturday, June 23, 2012 |
| Focus: |
ICT for MDGs
|
| Country: |
Tanzania |
| Created: |
Jun 25, 2012 |
|
|
Banking on a mobile phone or computer is getting more and more popular. But how safe is it?
As long as your computer or telephone's web browser has a secure connection, it is just about as safe as banking via a bank teller. However, mobile device users tend to expose themselves to risks that they'd steer clear on computers or their phones. We act more quickly and are less careful about potential risks.
To stay out of trouble, think twice before entering sensitive information into a mobile device. You might be out and about, busy with a number of things, and distracted -- and that's just what the hackers are counting on.
Once a very prolific Telecommunications expert mentioned that Tanzanians have peculiar calling habits and are too much in love with their mobile handsets. The astute Expert read the Tanzanian environment well and built a multi award winning innovation around this peculiar habit. He saw that along with increased usage of mobile phones and knowing that the handset would become an excellent primary digital channel for money transfer in the East Africa thus the birth of M-Pesa, Tigo Pesa and others.
Fast forward to the current situation. Mobile money products now directly compete with local banks for market share on deposits and money transfer commissions and now "almost every bank has a little research and development project" going on with mobile banking. They're all experimenting with it. However, the question still remains how safe is mobile banking?
Most mobile banking platforms use what we call USSD (Unstructured Supplementary Service Data) for transactions. USSD is a Global System for Mobile (GSM) communication technology that is used to send texts between a mobile phone and an application programme in the network in this case.
Essentially there are only two ways which imposters can intercept mobile banking data and transaction; when it is in the air and when it is stored on physical computers dedicated to running one or more services to serve the needs of users of the other computers on the network known as servers.
The USSD signal itself is not converted into a form called a ciphertext, that cannot be easily understood by unauthorized people when it is transferred over the air the process is called encryption. However the GSM channel that carries the signal has built-in encryption, authentication, authorization and accounting protocols.
To put it simply it is not easy to compromise such a system as it would cost a huge amount of cash to buy equipment which can do that. Most mobile banking application link customer bank accounts to the client's telephone numbers. So, this tells us that vulnerability is on the client's side due to carelessness and ignorance. M-banking is at its most vulnerable at the point of registration. It is important to ensure that the very high security available on mobile phones is not compromised by a weak registration process.
The best way to ensure that a bank account is not compromised is to only allow "over-the-counter" registration that ensures KYC (Know your customer) checks are carried out.
Only when a bank-employee has verified ID documents then it should be possible to register a client for mobile services this is also beneficial to both the bank and the client.
Another way is to use the ATM-network to perform mobile banking registrations. This is a secure way, as the listing would require a card present and the subsequent PIN selection and delivery can be transmitted in a very secure way.
As the number of mobile banking users rises, hackers are likely to target mobile banking solutions. The security of your money depends upon how your bank chooses to implement mobile banking. Like many other products, some solutions are more secure than others.
Customers are also advised to sign up for mobile banking with organizations that have a best practice on internal information security policy and additionally the mobile banking application with its associated business processes are routinely reviewed and audited.
|
|
|
|
|
|
| Rate: |
0 ratings
|
Views: |
50 |
| Comments: |
0 |
Bookmarked: |
0 |
Tagged: |
0 |
|
|
|
|