Monday, May 28, 2007

Mobile banking? Not quite yet...

I do some of my banking with the Alliance and Leicester, so I was interested to learn that they're on the bleeding edge having just introduced a mobile banking service.

So I decided to sign up and see whether this is disruptive technology or whether this is yet another dead end like mobile TV , and that's when the trouble started.

There isn't a link to the new service from the bank's home page, so I did the obvious thing and ran a Google search. The top hit looked solid, so I clicked though and went to register. Well the first problem is that the link went off site to and then when I pushed ahead anyway I got an "Invalid Security Certificate". Now I happen to know that their new service is hosted by MONILINK, but to your average user this isn't going to be very reassuring. Considering how good some of the phishing scams are these days I wouldn't blame anyone for stopping at this point...

So backing up I logged into the bank's Internet Banking site and, sure enough, there is a link which lets you sign-up to the service. So I tried...

Unfortunately the Flash demo, of how the sign-up process is supposed to work, didn't play in either Safari or Firefox despite both theoretically being Flash-enabled, so I had to push ahead without it.

However it seems that, so long as you're already logged into the Internet Banking service, a list of accounts you can link to the new service just appears auto-magically. You type your mobile number in and you get a text message with, bizarrely, a link to a WAP site where you can retrieve a code to authenticate your phone for the service. Despite some misgivings at this point I did that, got my text message, went to the WAP site and retrieved the code.

Then I typed it into the browser I had open on the Internet Banking site, and got an "An error has occured, please start the registration process again" error. So I did, twice, and never got another text message back from the service. Which means that, despite fiddling around for about quarter of an hour, I didn't manage to register.

So while I'd like to provide a review of Alliance and Leicester's new mobile banking service, I can't, and I'm left with an abiding impression that MONILINK don't have things working smoothly enough so I'd trust my money to this technology quite yet. I'll get back to you if I can ever get it to work, so much for disruptive technology...

Update: ...and for the record, I don't think that this,
The security of MONILINK is at the heart of our service. The world-leading technology used by MONILINK has been developed in conjunction with some of the foremost banking security companies in the world. The solution has passed repeated, independent audits from leading, independent security experts.
which is all the MONILINK site has to say about security, is really sufficient to reassure anyone with even a basic knowledge of cryptography. These days, security through obscurity isn't going to save you from the bad guys.

Update: I decided to be stubborn about this, while re-registering on the Alliance and Leicester site several more times didn't result in any additional text messages, I decided to bypass their site by going directly to the MONILINK site and registering there. Guess what? They think I'm already registered. Well done Alliance and Leicester, no wonder I wasn't getting any additional registration text messages. However crucially at this point I don't have have a copy of the MONILINK application since the Alliance and Leicester registration bailed before I got to that stage. What I do have is a short code number to text to allow me to download the application, but that doesn't seem to be working. Want to guess whether most people would have given up by now?

Update: I've been thinking about this a fair bit today. Why have they gone for a separate application? For older phones I guess I can see the point, but I've got a Nokia N80. Why not just cut down their banking site using appropriate CSS and push well formatted Javascript and HTML at me in the normal way? Why does my bank need to use these MONILINK people at all? Especially since the entire thing seems to run via (expensive) text messaging, at 20 pence per balance enquiry I'm not that impressed. What's wrong with, you know, the Internet? The entire thing seems to be yesterday's solution to tomorrow's problem. So despite never getting this to work I'm going to arbitrarily declare the entire technology dead on arrival, just like mobile TV.