ARM Community: Online Banking and Mobile Banking - ARM Community

I must say my bank has treated me well. When I talked to colleague whose banks are more fastidious about security than mine, he was inconvenienced and frustrated with the service. What he’s been inconvenienced with is a small pocket calculator sized widget that he must plug his bank card into every time he wants to log-on to his service. The login web-page will issue a challenge that has to be entered into the widget and a one-time password will be generated that has to be entered back into the login web-page. All nice and secure, assuming you’ve got your widget with you. Now, where did my colleague leave it? Now he’s got a home banking service rather than an Internet banking service.

But wait! The answer lies in mobile banking, surely? Erm, no not quite yet. I tried mobile banking once. Once and once only. The setup process was excruciating to say the least, I needed to be sat at a PC to start with (ironic since if I’m signing up for mobile banking perhaps it’s because I don’t have a PC) after half an hour of receiving WAP-push messages downloading software and waiting a long time, (assuming the software was generating cryptography key pairs and such things), picking a six-digit PIN (argh! Another thing to remember!) I finally thought I was about to enjoy the enlightened experience of being able to bank anywhere when up popped the message saying, “your service will be activated within 24 hours after an account manager has reviewed your request”. Not quite mobile banking Nirvana. Anyhow after waiting till the next day to finally see what the fuss was about, I found out that the Mobile Banking service offered by my bank allowed me to... Check my balance and last five items on my statement.

This extremely limited service was brought to me by the lack of functionality and security available in current devices. I can imagine the conversations between marketers in the banks and their security teams.

Marketer: “We’ll be able to deploy mobile banking to 100% of our customers because they ALL have mobile phones!”
Security guy: “We can’t trust ANY of these phones, they don’t have the security we need for transactions/compliance/regulations”.
Marketer: “OK let’s give them a balance and mini-statement and call it mobile banking”
Security guy: “Fine but we’re still going to have to secure it with a password that isn’t a PIN”.

There is a brighter future where banks get the security they need and device manufacturers build in the right technology. SecurCore, TrustZone and Mobicore Security Services can make Mobile Internet Banking (see my previous blog for my nirvana) a convenient reality. In my upcoming blogs, I’ll describe each in detail.

What else do you want from mobile transactions?

ARM will be hosting a Core Conversation about mobile payments at South by Southwest Interactive on Sunday March 13th, be sure to stop by! Learn more about ARM at SXSWi here.

Rob Brown, Secure Solutions Segment Marketing, ARM. Rob joined ARM in 2005 to drive design wins in the Smart Card segment. He is now responsible for directing ARM security market strategy and business development which includes ARM products such as TrustZone and SecurCore, external partnerships and supporting industry activity. Prior to joining ARM he worked for 8 years in the RFID sector in start-up companies and silicon IP providers for NFC and played an active role in the in defining the support for the NFC Forum Type 1 tag. He holds a Bachelors degree in Electronic Engineering from the University of Manchester. He is a certified payments geek and is waiting impatiently for the first devices that can make payments faster and easier to use. He looks forward to the day when he can buy whatever he wants from whoever’s got it, wherever they are with a single click.