Thursday, June 05, 2008

Phone Banking vs Facebook banking

I was very interested to see two good stories on Finextra today.

The first was that around half of Facebook users want to be able to bank through Facebook. The second was that 91% of British adults had concerns about fraud on their phone accessible bank accounts.

It seems to me a pretty bizarre set of contradictions. Facebook is a very nice application, but I'm pretty dubious that banking through it is a good idea. There are issues over some of the Financial Services advertising (see the BBC "Facebook users warned about ads") and I'm not convinced that data privacy issues are fully resolved, or in line with the standards set by banks (again the BBC with "Facebook 'violates privacy laws'" and "Facebook faces privacy questions"). It may be that as Facebook matures these issues will be resolved to everyone's satisfaction, but I know many remain dubious about entrusting their details to an organisation that has already had to apologise for how it has used them.

By contrast voice technology is far more mature and security concerns should be on a different level. There are weaknesses but they are more to do with processes than the underlying technology. A good example was the case I covered at Barclays (see "Security, Call Centres and Fraud") where there was nothing wrong with the technology, but the processes were not as robust as needed to be against identity theft. At this point (although the research is funded by Nuance a speech technology vendor) I'm inclined to agree with the article that speech recognition and biometrics could make a difference where pass words have been stolen or an identity otherwise compromised. Certainly it had the potential to make a difference in the Barclays case.

The scary thing about Facebook is that if a Facebook banking application were to be compromised, the chances are that the fraudsters would have access to so much personal information that any future identity recovery could be very difficult. By contrast the telephone channel at least offers the prospect that even if your identity was stolen you would only be authenticated by who you are, not what you know.

No comments: