Wednesday, July 19, 2006

how to make your phone banking system safe

o hayan, matapos kong ilatag ang problema, here is my solution. hindi ko pa naman nasubukan lahat ng phone banking system sa pilipinas. pero kung yung phone banking system na ginagamit nyo boasts of anytime-anywhere-access-as-long-as-you-have-a-phone service, prone sa wiretapping hack yung account nyo.

first solution. ewan ko kung ginagawa na ito ng ibang bangko. each phone banking customer must register a phone number na yun lang ang gagamitin nya everytime they access the phone banking system. may caller id na naman and i'm sure, supported yan ng almost every telephone switch na ginagamit ng mga phone banking system. with this solution, makuha man ng hacker yung account number and pin mo, hindi pa rin nya maaaccess yung account mo coz he's not using your landline. unless gamitin nya yung line nyo dahil nga nakawiretap kayo. but this one is easy to catch, kasi, magbubusy yung phone nyo, or worst, maririnig nyong may gumagamit ng phone nyo at malalaman nyong nakawiretap yung line nyo kung gagamitin nya yung landline nyo, di ba? or, pwede mo ring iregister yung cellphone number mo. mahirap nang iwire tap yan. yun nga lang, medyo mahal ang tawag sa cellphone, unless they are giving a toll-free service. with this service pa, the caller doesn't need to input his account number, PIN na lang dapat. kasi, dapat, automatic, alam na nung phone banking system yung account mo based on the caller id. ang disadvantage nito, you are tied to a single landline number, or to your cellphone. hindi na sya call-any-phone service. pero at least, safe, di ba?

second solution. ito naman, call-any-phone service pa rin, but they have to integrate a voice recognition technology. yup, aside from account number and PIN, they have to have a password. and the system must recognize not only the password itself but the voice of the caller, kaya nga voice recognition. kahit alam nung hacker yung account number, PIN at password mo, iba naman yung boses nya, hindi pa rin nya maaaccess yung account, unless may talent syang kagaya ni willie nepomuceno. hehehe. meron na bang ganitong system? oo naman. andyan, kalat sa internet yung voice recognition technology, medyo may kamahalan nga lang. anyway, bangko naman sila, imposibleng wala silang pera. hehehe. if they really want to provide a really safe phone banking system, hayan na ang dalawa kong proposed solution.

if your phone banking system has already this feature, eh di mabuti. pakisabi na lang sa akin para maitransfer ko ang milyones ko sa bangko nyo. hahaha!

yun lang!

nga pala, for the record, this is my 1000th post. kung hindi kayo naniniwala, eh di bilangin nyo. hehehe.

8 comments:

vemsan said...

ay sya kahit ho 500K ok na sa akin..aantabayan ko yung transfer...hahahah

poker face said...

congratulations sa 1000th post mo.

Ang alam ko sa phonebanking balance inquiry lang at magbayad ng bills ang pwede. Pero ang pwede mong bayaran na bills kailangan i-enroll mo muna sa bangko. Di ka pwede magbayad ng bills na di naka enroll sa telephone banking. Di ka rin pwede maglipat ng pera sa ibang account unless inenroll mo yung account sa bangko mo.
kaya ganito lang ka-limited ang features ng telephone banking dahil naisip na nila yung mga pwedeng mangyari dahil nga walang encryption.

kaya kahit ma wiretap yung account mo ang worst lang na mangyari is malaman yung balance mo o kaya bayaran nila ang bills mo. di sila pwede mag withdraw o kaya itransfer pera mo sa account nila. in any case wala mawawala na pera sa iyo. at kahit malaman nila ang account mo iba naman ang telephone PIN at ATM PIN. di rin sila makakawithdraw sa account mo dahil wala yung ATM card sa kanila at iba yung telephone PIN at ATM PIN.

Mas malaki pa ang mawawala sa mag wiwiretap kasi mag-iinvest sa equipment nila kaysa sa makukuha niyang benefits.

kaya kung gagawa ka ng cost-benefit analysis mas malaki ang magiging cost kung iimplement ang mga sinasabi mong mga solution. kaya malabong mangyari ang sinasabi mo unless dagdagan nila ang features ng telephone banking to include transfers sa ibang account numbers na di mo inenroll. sa scenariong ito baka iba na ang magiging result kapag nag cost benefit analysis sila. kaya sa ngayon wag kang matakot na mawala ang milyones mo ng dahil lang sa telephone banking.

kukote said...

@vemsan... hahaha!

@poker face... thanks for your opinion. i've always wanted to have a nice discussion like this.

yung mga wire tappers, andyan na sila, lurking around, waiting for their next victim. siguro nga, kung mag-iinvest sila just to lurk for your phone banking transactions, talagang kagaguhan on their part. but it's a fact that they exist, kaya nga nagkaroon ng hello garci.

well, tama ka rin, they need to enroll para magaccount transfer and pay their bills. pero hindi ba malaking hassle din sa iyo if one day, you found out na nawalan ka ng milyones dahil ibinayad ng isang hacker sa meralco? well, mababalik sa iyo ang pera, pero yung abala at oras na nawala sa iyo para ayusin ito, hindi mo na maibabalik.

and since this involves money and bank account, the issue of privacy is compromised. you cannot say that the phone banking is safe and secured kung kayang kayang makuha ng mga wiretappers ang details ng bank account mo. kung ang irereason-out sa akin ng bangko upon inquiry kung bakit ganun yung phone banking system nila ay "ok lang yun, hindi ka naman makukuhanan ng pera, malalaman lang nila yung account balance mo, it's not a big deal." well, it might not be a big deal to you, but for me, it is. and i think, it's a big deal for majority of bank account holders, kasi, kung hindi yun big deal, wala na sanang Bank Secrecy Law.

MALDITAH said...

i do most of my banking transactions online.. minsan lang ako mag telephone banking kse wala akong pasensya mag antay sa phone minsan.. hehehehe

major said...

wala kong ipon kaya wala ko alam dyan..hehe! Alam mo ba na there's a group called 69family a few years back that can hack phones? korek yung usapan nyo ni pokerface na di nahahack at can be paid for bills lang. The group i'm talkin do it just for the sake of fun buti na lang nawala na sila...Syanga pala, yung co-founder nung group na yun is...ehem! hehe

DanieL said...

congrats sa 1000th post. para sa susunod pang 1000 na posts!

Des said...

'yung bank naman namin, it's the other way around. you can't access the toll-free number by using a cellphone or a pay phone. pero kahit saang landline, pwede. i asked about this before, and ang sabi sa akin: kasi daw, mas madali ang tracking kung landline na (of course) registered with phone companies. hindi katulad ng cellphones na it can be passed onto someone else, especially if it's prepaid.

when it comes to fund transfers naman, we're only allowed to transfer funds between internal accounts (the caller's name is on each account), if done over the phone or online. kung kailangang mag-transfer ng fund sa external account or account ng may account, it has to be an over-the-counter transaction.

voice recognition...sa states, yung bank ng parents ko, may ganyan. pero not really voice recognition pala. kasi, it doesn't ask for a specific voice...it's more like voicing out the selection being made. ang nakakatawa lang, minsan kailangang i-slang yung boses, para maintindihan ng automated teller, or else, magre-resort 'yung teller na i-hang up na lang yung line...and you'll hear, "goodbye!" hahahaha

lastly, congrats sa 1000th post mo

Saint Eroica said...

aha! may milyones ka pala!!!!! manlibre ka naman! bat di ka pa mag-asawa! humayo at magparami... ng pera!