SMS banking is a form of mobile banking. It is a facility used by some banks or other financial institutions to send messages (also called notifications or alerts) to customers' mobile phones using SMS messaging, or a service provided by them which enables customers to perform some financial transactions using SMS.
SMS banking services may use either push or pull messages. Push messages are those that a bank sends out to a customer's mobile phone, without the customer initiating a request for the information. Typically, a push message could be a mobile marketing message or an alert of an event happening in the customer's bank account, such as a large withdrawal of funds from an ATM or a large payment involving the customer's credit card, etc. It may also be an alert that some payment is due, an amount has been credited to the customer's account or that an e-statement is ready to be downloaded.
Another type of push message is one-time password (OTPs). OTPs are the latest tool used by financial institutions to combat cyber fraud. Instead of relying on traditional memorized passwords, OTPs are sent to a customer's mobile phone via SMS, who are required to repeat the OTP to complete transactions using online or mobile banking. The OTP is valid for a relatively short period and expires once it has been used.
Bank customers can select the type of activities for which they wish to receive an alert. The selection can be done either using internet banking or by phone.
Pull messages are initiated by the customer, using a mobile phone, for obtaining information or performing a transaction in the bank account. Examples of pull messages include an account balance enquiry, or requests for current information like currency exchange rates and deposit interest rates, as published and updated by the bank.
Depending on the selected extent of SMS banking transactions offered by the bank, a customer can be authorized to carry out either non-financial transactions, or both and financial and non-financial transactions. SMS banking solutions offer customers a range of functionality, classified by push and pull services as outlined below.
Typical push services would include:
Typical pull services would include:
This section needs expansion. You can help by adding to it. (April 2010) |
There is a very real possibility for fraud when SMS banking is involved, as SMS uses insecure encryption and is easily spoofable (see the SMS page for details). Supporters of SMS banking claim that while SMS banking is not as secure as other conventional banking channels, like the ATM and internet banking, the SMS banking channel is not intended to be used for very high-risk transactions. [2]
Due to the concerns made explicit above, it is extremely important that SMS gateway providers can provide a decent quality of service for banks and financial institutions in regards to SMS services. Therefore, the provision of Service Level Agreement (SLA) is a requirement for this industry; it is necessary to give the bank customer delivery guarantees of all messages, as well as measurements on the speed of delivery, throughput, etc. SLAs give the service parameters in which a messaging solution is guaranteed to perform.
The convenience of executing simple transactions and sending out information or alerting a customer on the mobile phone is often the overriding factor that dominates over the skeptics who tend to be overly bitten by security concerns.
As a personalized end-user communication instrument, today mobile phones are perhaps the easiest channel on which customers can be reached on the spot, as they carry the mobile phone all the time no matter where they are. Besides, the operation of SMS banking functionality over phone key instructions makes its use very simple. This is quite different from internet banking which can offer broader functionality, but has the limitation of use only when the customer has access to a computer and the Internet. Also, urgent warning messages, such as SMS alerts, are received by the customer instantaneously; unlike other channels such as the post, email, Internet, telephone banking, etc. on which a bank's notifications to the customer involves the risk of delayed delivery and response.
The SMS banking channel also acts as the bank's means of alerting its customers, especially in an emergency situation; e.g. when there is an ATM fraud happening in the region, the bank can push a mass alert (although not subscribed by all customers) or automatically alert on an individual basis when a predefined ‘abnormal’ transaction happens on a customer's account using the ATM or credit card. This capability mitigates the risk of fraud going unnoticed for a long time and increases customer confidence in the bank's information systems. [3]
The lack of encryption on SMS messages is an area of concern that is often discussed. This concern sometimes arises within the group of the bank's technology personnel, due to their familiarity and past experience with encryption on the ATM and other payment channels. The lack of encryption is inherent to the SMS banking channel and several banks that use it have overcome their fears by introducing compensating controls and limiting the scope of the SMS banking application to where it offers an advantage over other channels.
Suppliers of SMS banking software solutions have found reliable means by which the security concerns can be addressed. Typically the methods employed are by pre-registration and using security tokens where the transaction risk is perceived to be high. Sometimes ATM type PINs are also employed, but the usage of PINs in SMS banking makes the customer's task more cumbersome.
SMS banking usually integrates with a bank's computer and communications systems. As most banks have multiple backend hosts, the more advanced SMS banking systems are built to be able to work in a multi-host banking environment; and to have open interfaces which allow for messaging between existing banking host systems using industry or de facto standards.
Well developed and mature SMS banking software normally provide a robust control environment and a flexible and scalable operating environment. These solutions are able to connect seamlessly to multiple SMSC operators in the country of operation. Depending on the volume of messages that are required to be pushed, means to connect to the SMSC could be different, such as using simple modems or connecting over leased line using low level communication protocols (like SMPP, UCP etc.) Advanced SMS banking solutions also cater to providing failover mechanisms and least-cost routing options.
Most online banking platforms are owned and developed by the banks using them. There is only one open source online banking platform supporting mobile banking and SMS payments called Cyclos, which is developed to stimulate and empower local banks in development countries.
Mobile payment, also referred to as mobile money, mobile money transfer and mobile wallet, is any of various payment processing services operated under financial regulations and performed from or via a mobile device. Instead of paying with cash, cheque, or credit card, a consumer can use a payment app on a mobile device to pay for a wide range of services and digital or hard goods. Although the concept of using non-coin-based currency systems has a long history, it is only in the 21st century that the technology to support such systems has become widely available.
A personal identification number (PIN), PIN code, or sometimes redundantly a PIN number, is a numeric passcode used in the process of authenticating a user accessing a system.
A transaction account, also called a checking account, chequing account, current account, demand deposit account, or share account at credit unions, is a deposit account or bank account held at a bank or other financial institution. It is available to the account owner "on demand" and is available for frequent and immediate access by the account owner or to others as the account owner may direct. Access may be in a variety of ways, such as cash withdrawals, use of debit cards, cheques and electronic transfer. In economic terms, the funds held in a transaction account are regarded as liquid funds. In accounting terms, they are considered as cash.
Online banking, also known as internet banking, virtual banking, web banking or home banking, is a system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution's website or mobile app. Since the early 2000s this has become the most common way that customers access their bank accounts.
President's Choice Financial, commonly shortened to PC Financial, is the financial service brand of the Canadian supermarket chain Loblaw Companies.
A one-time password (OTP), also known as a one-time PIN, one-time passcode, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows.
A payment system is any system used to settle financial transactions through the transfer of monetary value. This includes the institutions, payment instruments such as payment cards, people, rules, procedures, standards, and technologies that make its exchange possible. A payment system is an operational network which links bank accounts and provides for monetary exchange using bank deposits. Some payment systems also include credit mechanisms, which are essentially a different aspect of payment.
A transaction authentication number (TAN) is used by some online banking services as a form of single use one-time passwords (OTPs) to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single-password authentication.
Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic transfer with a payment terminal and access automated teller machines (ATMs). Such cards are known by a variety of names, including bank cards, ATM cards, client cards, key cards or cash cards.
Mobile banking is a service provided by a bank or other financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a smartphone or tablet. Unlike the related internet banking it uses software, usually called an app, provided by the financial institution for the purpose. Mobile banking is usually available on a 24-hour basis. Some financial institutions have restrictions on which accounts may be accessed through mobile banking, as well as a limit on the amount that can be transacted. Mobile banking is dependent on the availability of an internet or data connection to the mobile device.
The term mobile commerce was originally coined in 1997 by Kevin Duffey at the launch of the Global Mobile Commerce Forum, to mean "the delivery of electronic commerce capabilities directly into the consumer’s hand, anywhere, via wireless technology." Many choose to think of Mobile Commerce as meaning "a retail outlet in your customer’s pocket."
PrivatBank is the largest bank in Ukraine by assets. It was formed on 19 March 1992 and has been owned by the Government of Ukraine since 2016. In early 2024, it was confirmed by the National Bank of Ukraine as one of the country's systemically important banks.
Multibanco is a Portuguese interbank network. It is the largest interbank network in Portugal owned and operated by SIBS , that links the ATMs of 27 banks in Portugal, totaling 12,700 machines as of December 2014. The bank members of Multibanco control the SIBS. Multibanco is a fully integrated interbank network. One of the most notable characteristics of Multibanco is the wide range of services that can be utilised through its machines.
Payment and settlement systems are used for financial transactions in India. Covered by the Payment and Settlement Systems Act of 2007, legislated in December 2007, they are regulated by the Reserve Bank of India (RBI) and the Board for Regulation and Supervision of Payment and Settlement Systems.
Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.
A banking agent is a retail or postal outlet contracted by a financial institution or a mobile network operator to process clients’ transactions. Rather than a branch teller, it is the owner or an employee of the retail outlet who conducts the transaction and lets clients deposit, withdraw, transfer funds, pay their bills, inquire about an account balance, or receive government benefits or a direct deposit from their employer. Banking agents can be pharmacies, supermarkets, convenience stores, lottery outlets, post offices, and more.
Citibank Berhad is a licensed commercial bank operating in Malaysia with its headquarters in Jalan Ampang, Kuala Lumpur. Citibank Berhad operates as a subsidiary of Citigroup Holding (Singapore) Private Limited, commencing its banking operations in Malaysia since 1959. Citibank Berhad was locally incorporated in 1994. Citibank Berhad has 11 branches spread across Kuala Lumpur, Selangor, Penang, Kuantan, Malacca and Johor, offering a wide range of banking and financial services including retail banking, institutional banking, and investment products and services.
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
National Payments Corporation of India (NPCI) is an Indian state-owned organization that operates retail payments and settlement systems in India. The organization is an initiative of the Reserve Bank of India (RBI) and the Indian Banks' Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for creating a robust payment and settlement infrastructure in India.
Mobile payments is a mode of payment using mobile phones. Instead of using methods like cash, cheque, and credit card, a customer can use a mobile phone to transfer money or to pay for goods and services. A customer can transfer money or pay for goods and services by sending an SMS, using a Java application over GPRS, a WAP service, over IVR or other mobile communication technologies. In India, this service is bank-led. Customers wishing to avail themselves of this service will have to register with banks which provide this service. Currently, this service is being offered by several major banks and is expected to grow further. Mobile Payment Forum of India (MPFI) is the umbrella organisation which is responsible for deploying mobile payments in India.