Mobile Banking With Hdfc & Icici

[raccoon 53]

RIM has now included ICICI bank along with HDFC bank for mobile banking thru R-World. Since I have an HDFC bank a/c, I registered for this service with HDFC bank and can now check my account details and carry out select transactions using R-World.

However, much to my surprise there seems to be no password/PIN security for accessing the account! That means whoever has even brief access to my mobile has access to my bank account!

So if it ever gets stolen ...or even in cases where I have to take it to the service station, anybody would have direct access to the account and could even carry out transactions!!!

Its really surprising that they have overlooked this very important security loophole!

Is this the same for people who have registered with ICICI?

Anybody concerned about this???

[Beetle 0]

Dear Raccoon

You are mistaken. Internet Banking generally comes with two passwords. ONE, loggin password, TWO transaction password. With the former you can find out details of your account, with the later you can perform financial transactions.

In the case of your mobile, R world authenticates into the Banks server by quoting you cell number. This is the same as sending an sms from your cell to the bank and getting a reply sms with your account details, a service provided by all mobile operators. Once you register your phone with the bank, any one who has access to your phone can find details of your account, by sms or R world. It is like a digital passbook.

Coming to the main point, R world does not allow real FINANCIAL transactions as of now. When they do start this feature, I hope and I think they will, ask for the TRANSACTION PASSWORD. So, for now, rest assurred that your money is safe.

[swaroop 0]

just hope that we can make secure transactions soon

[raccoon 53]

Dear Beetle!

But Im not talking about Internet Banking! Internet banking is a seperate issue and mobile banking thru R-world is a seperate issue!!!

And at least I dont need a password/PIN to access my account thru my handset. That means whoever holds my handset has access to my bank account!

Its true that even then that person wont be able to effect any "real" transaction like transfer of funds ...but he very well can play mischief like maybe make a bill payment (if registered) or order a cheque book or statement, etc. Not to mention he can look into my transactions & balance and all! Thats bad enough, methinks!

In comparision look at the online bill payment facility thru credit card offered on R-World - you cant make any transaction unless you have a PIN (3 attempts) and you also have the option not to save any credit card details - you can just enter them when you have to make a payment. Thats whats neat!!!

[Beetle 0]

Dear Raccoon!

Please accept my apology, I should have presented my view more clearly. I meant to compare Internet Banking with Mobile Banking, by saying this, I hope my earlier post becomes more clearer to you.

In the case of your mobile, R world authenticates into the Banks server by quoting you cell number. This is the same as sending an sms from your cell to the bank and getting a reply sms with your account details, a service provided by all mobile operators. Once you register your phone with the bank, any one who has access to your phone can find details of your account, by sms or R world. It is like a digital passbook.

As you are aware, CDMA authentication can be easily spoofed! The level of security is not up to the mark to allow Banking. This is the reason you are allowed limited transactions thru mobile phones, be it GSM or CDMA (mentioned in my post above). ICICI bank and other banks which run secure online transactions wont allow an easy back door entry to pranksters or criminals.

In the near future, if phones do allow financial transactions I believe it will be in the lines mentioned by you above.

Regards

[raccoon 53]

Well, if "CDMA authentication can be easily spoofed", what about the security of credit card transactions using the online bill payment thru credit card facility??? Wouldnt that be quite unsafe too? PIN/Pw protoction notwithstanding ...cus that protection is at the handset level!

U just gave me the shivers!

[Beetle 0]

Dearest Raccoon!!

I think the night is catching up to you

Let me make it more simpler. Say you use IE to access ICICI bank website. You have activated password manager or some program which fills in your details when asked. You’re confidence in this program lies in the fact that your Desktop computer is used by you, and only you, in the secure environment of your bedroom!

Imagine this, I steal Raccoons computer in my Beetle, zoom to a WiFi Hotspot, open your IE, use your Password manager to authenticate and then carry transactions. How would you like that?

Well, this is the case in your mobile. Reliance Phone is your computer, R-World is your password manager with IE. Unlike on your computer, R-world may not store it locally, but on its server, this further complicates matter.

Have you heard about cloning dear Raccoon? If so, let me take you one step further. By cloning your cell (GSM or CDMA) I can access your R world data directly on the cloned phone. You would be blissfully hooting thru the night, phone in your pocket, while its clone will be usurping its prey.

So, I say again!

Internet Banking generally comes with two passwords. ONE, login password, TWO transaction password. Phone authenticates into the Banks server by quoting your (MIN/ESN) number, which acts as your Login password.  R-world does not allow real FINANCIAL transactions. When they do they will ask for the TRANSACTION PASSWORD

CDMA authentication can be easily spoofed! This is the reason you are allowed limited transactions thru mobile phones, be it GSM or CDMA . ICICI bank and other banks which run secure online transactions wont allow an easy back door entry to pranksters or criminals

In the near future, if phones do allow financial transactions I believe it will be in the lines mentioned by you above.

At present, in case of ICICI bank, Reliance is a third party with a bad reputation sitting between ICICI bank and its end user. Remember R-world is not a true WAP site, but a jungle inside Reliance servers. So unless the protocol is clearly defined banks are unlikely to handover their Financial transactions to a telephone company.

Hoot Hoot

[raccoon 53]

Heheh Beetle ....that was cute ...and enlightening!

But ...I was originally apprehensive about the mobile banking thingy ...but after what you said, im getting the shivers about my credit card data going safely, unintercepted, to where its supposed to go!

And just for the record, I do know a bit about comp hacking (not much about the mobile variant) ...though am now out of date as im no longer in touch. And so I have very poor confidence in pw managers and all ...and dont really store them on my comp ...at least not important ones! That reduces the risk a lot ...not eliminates it ...that I know.

With the same logic I would balk at storing my credit card details in the R-World application. I just feed it in when I have to pay the bill. Now I guess this would reduce the risk of any fraud. Also there is PIN protection ...but as I said thats obviously at the handset level. Question is, how safe are one's credit card details as they "travel" from the handset to Reliance (& thence)?

Any comments???

[Beetle 0]

Dear Raccoon

I would have preferred entertaining to enlightening

About Credit Card related security issues, lets do it some other time shall we and maybe on some other forum which specialises on that topic.

Chill!

[raccoon 53]

Dearest Beetle,

Ok, entertaining it is then! ....and scary!!!

I guess we went a bit off topic ...but it was great while it lasted!

Retiring to my nest now...

[sat 0]

Anyone able to access ICICI .. after the 93.. change ?? i have tried updating the phone number in ICICI site ... both 093xxxxxxx and 9193xxxxxx does not seem to work .... any luck anyone ?

[Saurav 22]

is repeated reg to hdfc required after 93 migration

[raccoon 53]

Its HIGHLY unlikely that they will expect a re-registration!

[Utsav 0]

What are the transactions that can be made through RWorld? I mean can u Pay Bills, Transfer Funds or Make Third Party Payements?

[raccoon 53]

Utsav, you can pay bills (if you have registered seperately for it). Though Iv found it quite user-unfriendly! They expect you to remember and feed in company short codes, bill amt. and all!! Not menu driven like net banking.

You can also check your a/c balance, last 3 transactions, FD inquiry, cheque status, order a statement or cheque book, give stop cheque instructions, change primary a/c., etc.

You can't transfer funds or effect 3rd party payments thru mobile banking.

[grafixguru 0]

Anyone able to access ICICI .. after the 93.. change ?? i have tried updating the phone number in ICICI site ... both 093xxxxxxx and 9193xxxxxx does not seem to work .... any luck anyone ?

17158[/snapback]

hi

Yesterday i updated to 93, its working fine. Dont put 09193 just enter9193 is enough.

reg

Grafix guru

[sharsh 1]

is repeated reg to hdfc required after 93 migration

17280[/snapback]

Yes, one must go to a branch of HDFC Bank to re-register for mobile banking. It's a pain, all right, but necessary.

[rim-matrix 0]

hi,

methinks that rim should provide the database of new nos to hdfc, rather than we doing it, what say?......