FNB Send Money

FNB send (me) money (please).. just kidding, it’s the name of a new service from FNB Mobile Commerce.

They chatted to a few bloggers today. I was invited. Nice format.. 1-on-1 sessions with the CEO of the eMoney business unit.

They did a demo where they sent me R50. The system created a “wallet” for me, which I could access via USSD. I then generated a PIN to use at an ATM. I walked over and withdrew R50 in cash. Pretty slick.

Some ideas:

  • The product makes sense. It’s pretty obvious that people want to move money via their mobile phones. The target market seems to be people who don’t earn a lot of money or who may not have a bank account.
  • The brand could be a bit better, “Send Money” is simple, but it’s not very unique, which may actually make it hard to remember.
  • They use a USSD (GSM) interface, simple, not very sexy or intuitive, but reliable I guess.
  • Seems to be designed and driven by cool people (well, at least one).

Paranoia part:

The system is VERY dependent on the security of the phone and everything seems to link back to a mobile phone number (MSISDN). This is fine if they use more than one path/way to authenticate the transaction (like web + mobile phone, in online banking).

In the demo I received a PIN via SMS. So anybody who could read or intercept that SMS could withdraw the money.

We know there are a few potential problems with mobile network security:

  • We don’t trust the SMS gateway operators (mobile phone company staff). They can read the SMS’s.. crypto is not end-to-end.
  • We don’t really trust the way SIMs are issued. Any mobile phone shop can request a “SIM swap” and get your number on the new SIM. Maybe not trivial, but certainly a known problem.
  • GSM crypto is not that safe. You can buy devices that do GSM call-interception (and SMS).. or have fun with a DIY solution.. you can snoop GSM traffic with something like OpenBTS and you can crack A5/1 like this guy with his.. GSM has more security holes than Swiss cheese project.

So, the idea is very good, but I’m not too comfortable with relying on the GSM networks for the security of the transaction.

9 thoughts on “FNB Send Money

  1. I feel your paranoia, but I’m guessing FNB calculated the risk exposure and are willing to take the hit.

    GSM-only based transactions are probably safer than using credit cards :-/

  2. Simeon, maybe safer than old credit cards, but the new chip-and-pin ones seem pretty secure to me.. not sure what the fraud stats are on the new cards though.

  3. I guess the best option would be not to send the PIN in an SMS and just display it in the USSD screen. What about the additional time and cost spent on the USSD dial string or people playing on their phone infront of you at the ATM?

  4. Hi all

    I have used send money before, twice actually and am happy with the service, i had one hic up but that was soon sorted, all the bes for fnb, nice one

  5. I also met Yolande for the demo. Cool service. I used it to give money to my cook to get groceries with today. I don’t know whether she actually managed to work out how to use it on her side though – we’ll see tomorrow.

  6. Just zooming out a bit..

    I guess what I was trying to say is that it’s fine for a mobile phone company to rely on the fraud prevention processes of a bank, but it’s maybe not such a good idea for a bank to rely on the fraud prevention processes of a mobile phone company.

    The one aims to prevent a few free phone calls, with the other large amounts of money could go missing.

Comments are closed.