"Brandon McGee, Industry Insider, Mobile Banking Guru...He is not only the real deal, a genuine industry insider, but also knows exactly what's on the minds of financial service pros as they contemplate the various mobile options." - Jim Bruene, Publisher & Founder, Online Financial Innovations

"Going Mobile. Local executive carves niche as national expert on fast-growing banking-industry technology trend" - Scott Olson, Indianapolis Business Journal (IBJ)

"Brandon McGee, the industry's unofficial ambassador for mobile banking" 

Sunday, November 9, 2008

GSM Safer than CDMA?

I found an article on security titled Report: GSM Best for Mobile Banking a couple of weeks ago, and I would appreciate hearing your opinion. I've been in the mobile banking space for awhile now and this is the first time I've heard that one format is "more secure" than another.

Also, here's an article that may help if you're not familiar with the details on which carrier is using which format Twisting Technology.

4 comments:

Anonymous said...

this question came up today during a panel discussion at the mobile money transfer conference in dubai & the panel dismissed it. basically they suggested that there are so many new security measures in play that to suggest that a GSM network is more secure over a CDMA network is an inaccurate statement. you can't answer this question by looking at the network only, you must consider the application on the mobile device & how the transaction is treated at the receiving end.

maffeis said...

I doubt it. Even though GSM uses an ecryption layer, I heard on various occasions that sniffing hardware can be purchased for decrypting GSM traffic (voice, GSM, USSD I guess) going on in your surroundings. Also I heard that operators can see all GSM related traffic in clear text whenever they need or want.

Viral Shah said...

This seems to be a propaganda by Smart Card (SIM) manufacturers.

I do see advantages of SIM as being a Tamper Proof Storage, and the advantages it brings. However, the claim assumes that there is no Application Layer security implemented on top of whatever GSM/CDMA offers.

In reality, both WAP/XHMTL and Rich Clients can use HTTPS, which provides comparable security in both GSM or CDMA. SMS offers the same level of security/vulnerability in both cases.

The only thing GSM brings-in is SIM-Toolkit (STK) based applications. Couple high-level issues with STK:
1. Carrier has to be trusted for User-authentication by the bank.
2. STK offers limited features, usability is a big issue.

Overall, I wouldn't pay much attention to this claim.

Cheers,
Viral Shah

Unknown said...

Hello Brandon,
in fact the main security of GSM is the mandatory SIM card.
But with the emergence of the 3G and the generalization of USIM card, may be the security difference between the 2 "old" standards (CDMA and GSM) is no more a matter of concern.