Sunday, October 14, 2007
Recommendation for Mobile Banking Vendors & An Update on Opera Browsers
I have an update to an article that I wrote last month titled "Opera Mini Browser & Mobile Banking." I stand behind my opinion that Opera Mini is a very powerful mobile browser, and my favorite for general web browsing. However, I have since learned that it is not conducive to mobile banking.
In fact, I received the following information from a reader:
"...one important thing to note is that Opera Mini provides inadequate security for Mobile Banking - the technology that Opera Mini uses results in the data being decrypted on the Opera server, very similar to the old "WAP gap" problem.
This is clearly documented on the Opera web site:
http://www.operamini.com/help/faq/#security
Is there any end-to-end security between my handset and for example paypal.com or my bank?
No. Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the Web page. Therefore no end-to-end encryption between the client and the remote Web server is possible. If you need full end-to-end encryption, you should use a full Web browser such as Opera for Mobile.
Can Opera Software see my passwords and credit card numbers in clear text? What is the encryption good for then?
The encryption is introduced to protect the communication from any third party between the client (the browser on your handset) and the Opera Mini transcoder server. If you do not trust Opera Software, make sure you do not use our application to enter any kind of sensitive information."
Naturally my question back to the reader was, "Am I reading correctly then that Opera for Mobile is secure? Are there any other free, downloadable browsers that do provide end-to-end security?"
And the response -
"Opera Mobile is available for Windows Mobile and Symbian 60 phones. It is not free however - the cost is $24 after a 30 day free trial.
http://www.opera.com/products/mobile/products/winmobile/
http://www.opera.com/products/mobile/products/s60/
You can find a list of Symbian 60 phones here - make sure to search for the ones that are available in North America (note that the RAZR is not on this list):
http://www.s60.com/life/s60phones/browseDevices.do
I am not aware of any free downloadable browsers that provide true end-to-end security."
To bring this full circle -
It has become clear to me over the last 6 months that a significant number of bankers and research companies believe that a 3 channel offering (SMS, Browser-based, Downloadable) is the optimal solution. Yet, we know that many of the mobile browsers pre-loaded on phones are inadequate. Therefore, my recommendation is this. If you are a vendor currently offering a downloadable application, please find a way to incorporate a top-notch web browser into the download.
Labels:
Browsers,
Mobile banking,
Opera for Mobile,
Opera Mini,
Security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment