back to article Want branchless banking? Live in the developing world? Oops

Branchless banking apps targeted at customers in the developing world are rife with vulnerabilities, according to security researchers. A study by computer scientists from the University of Florida focused on seven of the more high-profile apps, uncovering flaws that created a heightened risk of fraud as well as “unfair” terms …

  1. This post has been deleted by its author

    1. mi1400

      Pakistan's Mobilink (i.e. Nation's largest telecom with approx 40million customers) has long been providing this Service/VAS as MobiCash. The ppl commenting here in forums think that just because its in third world it just has to be a flop or fated for flop .. where as they should know that...

      1. Pakistan govt has implemented legal binding that such telco must own a legally recognizable bank. Here Mobilink owns WaseelaBank.

      2. Computing is not done over normal servers but specially design, procured and hardened for.

      3. The SMS is not everything ... u pay cash to any shop may it be MobiCash's franchised tuckshop, grocery shop etc, pay there the cash, a receipt is given then and there, there is no creditcard/debitcard involved to debate safety... the code is generated and the collector anywhere in Pakistan can go to nearby MobiCash's franchise tell/show the code and National ID card that franchise pays the cash. upto 30,000pkr is daily limit and Mobilink is providing it for years.

      I have just given the bird's eye view ... there are more layers to it for example i forgot to tell .. all the SIMs have been tightly binded with biomatrically verified customers in a recent nation wide massive project.

  2. Anonymous Coward
    Anonymous Coward

    A lot of places...

    ..use SMS extremely well for banking. Is that method more or less secure?

  3. Spender

    not surprised.

    After entering my card details incorrectly on a reputable UK site, I was redirected to the security confirmation. I flagged the transaction to the site owners because the security question was "Please enter your ATM pin to proceed". They got back to me and told me that I had entered the wrong details and that the confirmation was a legitimate page from an Indian bank. If this level of security is the norm, I probably wouldn't want to bank there.

  4. pigor

    Unregulated services have some drawbacks... This is something to keep in mind when they push for less regulations.

    Anyway security, privacy, consumers rights, are not even a joke in developing countries. :(

    Strangely enough the only 2 times my credit card was compromised was in usa. Hmmm...

  5. Captain Badmouth

    Less regulation?

    "This is something to keep in mind when they push for less regulations."

    We all know what happened when Gordon relaxed regulation of banking. ( George thought it was a good idea, too.)

  6. mjoyce

    Apps not the only way

    I would love to see more detail about the analysis.

    Most branchless banking and mobile money in the developing world runs on USSD- this involves 2 factor authentication since it relies on the MSISDN of the SIM card, but is not encrypted end-to-end (only phone to USSD gateway, then it is decrypted before being sent to the mobile money server). However, more and more services will transition to apps and it is important for the developers to have good security knowledge. Moving to android apps allows for an easier interface and end-to-end encryption, but poorly informed or lazy developers and providers may take shortcuts that could leave the customer vulnerable.

    1. Jos V

      Re: Apps not the only way

      mjoyce, in the last sentence on page 2 there is link (PDF) to the original study.

      Makes interesting reading, for me more so, as I live in a developing country offering me the mcoin stuff. Which I will stay away from for now..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019