"Brandon McGee, Industry Insider, Mobile Banking Guru...He is not only the real deal, a genuine industry insider, but also knows exactly what's on the minds of financial service pros as they contemplate the various mobile options." - Jim Bruene, Publisher & Founder, Online Financial Innovations

"Going Mobile. Local executive carves niche as national expert on fast-growing banking-industry technology trend" - Scott Olson, Indianapolis Business Journal (IBJ)

"Brandon McGee, the industry's unofficial ambassador for mobile banking" 

Sunday, August 3, 2008

Mobile as a 2nd Authentication Factor

I'm often asked the question, "is it safe to use mobile banking?"

And my response is...Yes! In fact, I'd argue the mobile banking clients are less likely to experience significant fraud because they have the ability to more closely monitor their account activity - anytime, anywhere.

Plus, with the advent of tools such as PhoneFactor, I contend that your mobile device can actually make it even safer to utilize other banking channels as well.

If you're not familiar, PhoneFactor utilizes a phone call as a second form of authentication. Think token without the extra hardware.

Here's how the service was described by BTN in the article Ten Technology Companies to Watch 2008, "When a customer enters their username and password to an online banking site, PhoneFactor intercepts the signal and sends an encrypted message to the PhoneFactor voice response unit. The customers cell phone rings, and they’re asked to push a button or enter a code if they’d like to login. If not, some configurations allow users to immediately report fraud."

They also have a demo - check it out.


Andrej Turcan said...

Mobiles and 2FA. Yes, to me it looks like the perfect way to go. But sorry for that, to me the PhoneFactor solution, is not that much safer than noncrypted SMS with OTP. 2FA is nice as you have something to know, and something to have. But I think, this "something to have" should be physical object, and not GSM network identity (neither your handset, nor your SIM card, is needed to perform call from your telephone number, or receive call intended for your number...), which is obtainable with correct tools. I agree, it is another obstacle for attacker, but I personaly, do not see it as that big one...

People are carrying several chip cards everyday (payment cards, sim cards, loyalty cards, ...) and it looks like not many banks care about it, instead they equip you with bunch of keyrings (or similar tokens). As I have said, to me use of mobile phones is very appealing - but not this way..

Brian Kirk said...

Great article & I agree with you that Mobile Banking & mCommerce in general can be more secure than plain eCommerce services. At Jaduka we have marketed similar security services to credit companies using our Voice APIs. As you suggested, voice communications go along way in creating a more secure environment. You can learn more about Jaduka's approach to security at http://enterprise.jaduka.com/showcase/protect.