SMS Banking
Encyclopedia
Bank
A bank is a financial institution that serves as a financial intermediary. The term "bank" may refer to one of several related types of entities:...
s to its customers, permitting them to operate selected banking services over their mobile phone
Mobile phone
A mobile phone is a device which can make and receive telephone calls over a radio link whilst moving around a wide geographic area. It does so by connecting to a cellular network provided by a mobile network operator...
s using SMS messaging.
Push and pull messages
SMS banking services are operated using both push and pull messages. Push messages are those that the bank chooses to send out to a customer's mobile phone, without the customer initiating a request for the information. Typically push messages could be either Mobile marketingMobile Marketing
Mobile marketing can refer to one of two categories of interest. First, and relatively new, is meant to describe marketing on or with a mobile device, such as a cell phone using SMS Marketing....
messages or messages alerting an event which happens in the customer's bank account, such as a large withdrawal of funds from the ATM or a large payment using the customer's credit card
Credit card
A credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services...
, etc. (see section below on Typical Push and Pull messages).
Another type of push message is One-time password
One-time password
A one-time password is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable...
(OTPs). OTPs are the latest tool used by financial and banking service providers in the fight against cyber fraud. Instead of relying on traditional memorized passwords, OTPs are requested by consumers each time they want to perform transactions using the online or mobile banking interface. When the request is received the password is sent to the consumer’s phone via SMS. The password is expired once it has been used or once its scheduled life-cycle has expired.
Pull messages are those that are initiated by the customer, using a mobile phone, for obtaining information or performing a transaction in the bank account. Examples of pull messages for information include an account balance enquiry, or requests for current information like currency exchange rates and deposit interest rates, as published and updated by the bank.
The bank’s customer is empowered with the capability to select the list of activities (or alerts) that he/she needs to be informed. This functionality to choose activities can be done either by integrating to the internet banking
Online banking
Online banking allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.-Features:...
channel or through the bank’s customer service call centre
Call centre
A call centre or call center is a centralised office used for the purpose of receiving and transmitting a large volume of requests by telephone. A call centre is operated by a company to administer incoming product support or information inquiries from consumers. Outgoing calls for telemarketing,...
.
Typical push and pull services offered under SMS banking
Depending on the selected extent of SMS banking transactions offered by the bank, a customer can be authorized to carry out either non-financial transactions, or both and financial and non-financial transactions. SMS banking solutions offer customers a range of functionality, classified by push and pull services as outlined below.Typical push services would include:
- Periodic account balance reporting (say at the end of month);
- Reporting of salary and other credits to the bank account;
- Successful or un-successful execution of a standing orderStanding order (banking)A Standing Order is an instruction a bank account holder gives to their bank to pay a set amount at regular intervals to another account. The instruction is sometimes known as a banker's order....
; - Successful payment of a chequeChequeA cheque is a document/instrument See the negotiable cow—itself a fictional story—for discussions of cheques written on unusual surfaces. that orders a payment of money from a bank account...
issued on the account; - Insufficient funds;
- Large value withdrawals on an account;
- Large value withdrawals on the ATM or EFTPOSEFTPOSEFTPOS is the general term used for debit card based systems used for processing transactions through terminals at points of sale. In Australia and New Zealand it is also the brand name of the specific system used for such payments...
on a debit cardDebit cardA debit card is a plastic card that provides the cardholder electronic access to his or her bank account/s at a financial institution...
; - Large value payment on a credit cardCredit cardA credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services...
or out of country activity on a credit card. - One-time passwordOne-time passwordA one-time password is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable...
and authentication
Typical pull services would include:
- Account balance enquiry;
- Mini statement request;
- Electronic bill paymentElectronic bill paymentElectronic bill payment is a feature of online banking, similar in its effect to a giro, allowing a depositor to send money from their demand account to a creditor or vendor such as a public utility or a department store to be credited against a specific account...
; - Transfers between customer's own accounts, like moving money from a savings account to a current account to fund a cheque;
- Stop payment instruction on a cheque;
- Requesting for an ATM cardATM cardAn ATM card is a card issued by a bank, credit union or building society that can be used at an ATM for deposits, withdrawals, account information, and other types of transactions, often through interbank networks.Some ATM cards can also be used:* at a branch, as identification for in-person...
or credit cardCredit cardA credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services...
to be suspended; - De-activating a credit or debit card when it is lost or the PINPersonal identification numberA personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system...
is known to be compromised; - Foreign currency exchange rates enquiry;
- Fixed deposit interest rates enquiry.
Concerns and skepticism about SMS banking
There is a very real possibility for fraud when SMS banking is involved, as SMS uses insecure encryption and is easily spoofable (see the SMSSMS
SMS is a form of text messaging communication on phones and mobile phones. The terms SMS or sms may also refer to:- Computer hardware :...
page for details). Supporters of SMS banking claim that while SMS banking is not as secure as other conventional banking channels, like the ATM and internet banking, the SMS banking channel is not intended to be used for very high-risk transactions.
Quality of service in SMS banking
Because of the concerns made explicit above, it is extremely important that SMS gateway providers can provide a decent quality of service for banks and financial institutions in regards to SMS services. Therefore, the provision of Service Level AgreementService Level Agreement
A service-level agreement is a part of a service contract where the level of service is formally defined. In practice, the term SLA is sometimes used to refer to the contracted delivery time or performance...
(SLA) is a requirement for this industry; it is necessary to give the bank customer delivery guarantees of all messages, as well as measurements on the speed of delivery, throughput, etc. SLAs give the service parameters in which a messaging solution is guaranteed to perform.
The convenience factor
The convenience of executing simple transactions and sending out information or alerting a customer on the mobile phone is often the overriding factor that dominates over the skeptics who tend to be overly bitten by securityInformation security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
concerns.
As a personalized end-user communication instrument, today mobile phones are perhaps the easiest channel on which customers can be reached on the spot, as they carry the mobile phone all the time no matter where they are. Besides, the operation of SMS banking functionality over phone key instructions makes its use very simple. This is quite different from internet banking which can offer broader functionality, but has the limitation of use only when the customer has access to a computer and the Internet. Also, urgent warning messages, such as SMS alerts, are received by the customer instantaneously; unlike other channels such as the post, email, Internet, telephone banking
Telephone banking
Telephone banking is a service provided by a financial institution, which allows its customers to perform transactions over the telephone.Most telephone banking services use an automated phone answering system with phone keypad response or voice recognition capability...
, etc. on which a bank's notifications to the customer involves the risk of delayed delivery and response.
The SMS banking channel also acts as the bank’s means of alerting its customers, especially in an emergency situation; e.g. when there is an ATM fraud happening in the region, the bank can push a mass alert (although not subscribed by all customers) or automatically alert on an individual basis when a predefined ‘abnormal’ transaction happens on a customer’s account using the ATM or credit card. This capability mitigates the risk of fraud going unnoticed for a long time and increases customer confidence in the bank’s information systems
Information systems
Information Systems is an academic/professional discipline bridging the business field and the well-defined computer science field that is evolving toward a new scientific area of study...
.
Compensating controls for lack of encryption
The lack of encryptionEncryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
on SMS messages is an area of concern that is often discussed. This concern sometimes arises within the group of the bank’s technology personnel, due to their familiarity and past experience with encryption on the ATM and other payment channels. The lack of encryption is inherent to the SMS banking channel and several banks that use it have overcome their fears by introducing compensating controls and limiting the scope of the SMS banking application to where it offers an advantage over other channels.
Suppliers of SMS banking software solutions have found reliable means by which the security concerns can be addressed. Typically the methods employed are by pre-registration and using security tokens where the transaction risk is perceived to be high. Sometimes ATM type PINs
Personal identification number
A personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system...
are also employed, but the usage of PINs in SMS banking makes the customer's task more cumbersome.
Technologies employed for SMS banking
Most SMS banking solutions are add-on products and work with the bank’s existing host systemHost system
Host system is any networked computer that provides services to other systems or users. These services may include but are not limited to printer, web or database access.According Kurose-Ross, Host system is another word for end system....
s deployed in its computer and communications environment. As most banks have multiple backend hosts, the more advanced SMS banking systems are built to be able to work in a multi-host banking environment; and to have open interfaces which allow for messaging between existing banking host systems using industry or de-facto standards.
Well developed and mature SMS banking software solutions normally provide a robust control environment and a flexible and scalable operating environment. These solutions are able to connect seamlessly to multiple SMSC
SMSC
* Seoul Metro * Short message service center* Smart Mixed-Signal Connectivity...
operators in the country of operation. Depending on the volume of messages that are require to be pushed, means to connect to the SMSC
SMSC
* Seoul Metro * Short message service center* Smart Mixed-Signal Connectivity...
could be different, such as using simple modems or connecting over leased line
Leased line
A leased line is a service contract between a provider and a customer, whereby the provider agrees to deliver a symmetric telecommunications line connecting two or more locations in exchange for a monthly rent . It is sometimes known as a 'Private Circuit' or 'Data Line' in the UK or as CDN in Italy...
using low level communication protocols (like SMPP, UCP
UCP
UCP may refer to:* HK UCP, a double-action handgun by Heckler and Koch* Ubuntu Certified Professional, an LPI-based certification* Uncoupling protein...
etc.). Advanced SMS banking solutions also cater to providing failover
Failover
In computing, failover is automatic switching to a redundant or standby computer server, system, or network upon the failure or abnormal termination of the previously active application, server, system, or network...
mechanisms and least-cost routing options.
Most online banking platforms are owned and developed by the banks using them. There is only one open source online banking platform supporting mobile banking and sms payments called Cyclos
Cyclos
Cyclos is open source online banking software for Microfinance institutions, local banks and complementary currency systems like LETS, Barter networks and Time banks.Cyclos has the following functionality:* Online banking tools;...
, which is developed to stimulate and empower local banks in development countries.
See also
- Mobile bankingMobile BankingMobile banking is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant . The earliest mobile banking services were offered over SMS...
- SMS messagingShort message serviceShort Message Service is a text messaging service component of phone, web, or mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between fixed line or mobile phone devices...
- Internet bankingOnline bankingOnline banking allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.-Features:...
- Short Message Service CentreSMSC* Seoul Metro * Short message service center* Smart Mixed-Signal Connectivity...
- One-time passwordOne-time passwordA one-time password is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable...
- CyclosCyclosCyclos is open source online banking software for Microfinance institutions, local banks and complementary currency systems like LETS, Barter networks and Time banks.Cyclos has the following functionality:* Online banking tools;...