Security Basics mailing list archives
Security Issues in Mobile Banking
From: MOHESOWA BYAS <byasmohesowa () sbm intnet mu>
Date: Tue, 11 Mar 2003 10:21:41 +0400
Hi, There is one ISP offering SMS Based Banking, whereby customers who already have an Internet Banking account can send an sms based query, and get their balance as an sms reply User sends his user name and password to the service provider as an SMS, the ISP processes the request by running a script which initiates an "https" session with the Bank's Internet Banking Server, and does a balance inquiry using the username and password. If the credentials supplied are valid, then the balance info is sent back to the user as an sms. UserName & password is not encrypted on the ISP server which sends the script, however they are replaced by **** in the log files We have some doubts as listed below: 1. Is mobile banking a proven safe technology ? 2. Is this a common type of service or is it completely new? 3. Are there any known security incidents using this service? 4. What features should we consider to make a risk assessment of the service being proposed? 5. Any other items that must be considered? Thanks for your feedback! Regards ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/
Current thread:
- Security Issues in Mobile Banking MOHESOWA BYAS (Mar 11)
- Re: Security Issues in Mobile Banking Valter Santos (Mar 13)
- <Possible follow-ups>
- RE: Security Issues in Mobile Banking Aigar Käis (Mar 12)
- RE: Security Issues in Mobile Banking KoRe MeLtDoWn (Mar 13)