Comments on: Rabobank has insecure SMS banking http://specialbrands.net/2008/07/09/rabobank-has-insecure-sms-banking/ blaze your trail Sat, 04 Feb 2012 18:11:27 +0000 hourly 1 http://wordpress.com/ By: More SMS banking by M&T #sms #bank #risk « General Musing http://specialbrands.net/2008/07/09/rabobank-has-insecure-sms-banking/#comment-873 Thu, 22 Apr 2010 12:33:44 +0000 http://webhat.wordpress.com/?p=124#comment-873 [...] SMS banking by M&T #sms #bank #risk By webhat Brian Szymanski send a reply to me concerning another bank implementing SMS banking: M&T. Their demo, which you can find [...]

]]> By: webhat http://specialbrands.net/2008/07/09/rabobank-has-insecure-sms-banking/#comment-872 Thu, 22 Apr 2010 11:29:36 +0000 http://webhat.wordpress.com/?p=124#comment-872 Thanks for the video.

I just watched it, and it’s not so bad really. You can’t do payments over this, not unlike some of the other mobile banking services I’ve profiled. My current bank has a way to access your current account details using MSN, although they do mask account numbers.

With a little social engineering you can get all these details from your bank over the telephone. I will post it with attribution in the next few days.

]]> By: brian szymanski http://specialbrands.net/2008/07/09/rabobank-has-insecure-sms-banking/#comment-867 Wed, 21 Apr 2010 07:46:51 +0000 http://webhat.wordpress.com/?p=124#comment-867 using sms for banking is one of the stupidest ideas i can imagine. my bank, m and t bank of buffalo, ny, usa, is now doing it too. with no additional security or one time passwords whatsoever. the only thing they do is omit personally identifiable information, but with a cell phone number, how hard is that to track down? Not to mention the problems SMS spoofing introduces. See the video here:

https://www.mtb.com/PERSONAL/CONVENIENTBANKING/Pages/MobileBankingDemo.aspx

only a fool would sign up for this service. and i’ve accelerated my plans to leave this bank.

]]> By: Abhishek Rao http://specialbrands.net/2008/07/09/rabobank-has-insecure-sms-banking/#comment-276 Wed, 30 Jul 2008 12:54:48 +0000 http://webhat.wordpress.com/?p=124#comment-276 It is true that sms banking can be risky not only in the above way, but also in a case where the cell phone gets stolen and thus the secure data can be recovered from the sent transactions and inbox. While searching for an answer to this, I found that one of the bank called Barclays offers its customers mobile banking through USSD mode which works like balance enquiry and doesnt store anything on the cell phone. Its definately more secure than sms and faster in response time. The following online demo might explain all the security measures taken by bank while implementing USSD http://www.barclays.in/channels/mobile/hello_money_demo.htm

]]>