Wireless Gamble

Before rolling out wireless services, banks often seek to contract with carriers (such as Sprint PCS, Verizon Wireless or AT&T). Generally, banks agree to offer financial services in return for a prominent place on the carrier's default page.

But in the United States, where competitive carriers have their own proprietary networks and encryption algorithms, it is common for the carriers, not the banks, to manage the conversion of wireless data to Internet data. They control the "gateway," as it is called.

But when in the hands of a carrier, the gateway becomes a bank's Achilles heel--in both the right and left feet. The peril in the right foot is that the carrier threatens the bank's relationship with the customer. The danger in the left foot is what could be a big hole in security.

Peter Klante, vice president of marketing for Tantau Software, a wireless software company based in Austin, TX, worries about the "security hole." Tantau helps banks extend their online banking operations to wireless.

Klante says that in the process of converting the "language" of wireless devices into Internet "language" (and vice versa), there is a brief moment when data is unencrypted and therefore vulnerable to prying eyes. He argues that banks should have control over their own gateways--called "enterprise gateways." Under such a solution, carriers would simply act as the pipeline, directing users straight to the bank. Though the company advises its clients against carrier gateways, Klante says Tantau creates applications that work with carrier gateways as well as those that function within the bank.

Paul Reddick, vice president of product management and marketing for Sprint PCS, denies any such vulnerability. Sprint--which offers wireless banking through Harris Bank of Chicago--uses a secure network and heavily encrypts data to ensure a safe transit, he says. "Vulnerability has not been a big issue. We don't store information--it passes through us--so it's not like we're privy to bank customers' information."

Despite Sprint's denial, Klante contends that the wireless banking services U.S. banks are toying with are a security gamble. "Banks are putting this out there and saying 'We hope nothing happens,'" he says.

This is not the case in Europe, where a standard wireless environment has facilitated the adoption of enterprise gateways, according to Klante. "Banks in Europe look over here and scratch their heads," Klante says. "They say that once the American banks start getting into this, it'll hit them that this isn't a secure model."

Toronto-based wireless software company 724 Solutions Inc. also warns that carrier gateways are vulnerable. Like Tantau, 724 can work with both bank-controlled and carrier-controlled gateways. But Ian Hobbs, vice president of product line management, argues that if U.S. banks were to start adopting their own gateways, it could create a whole new layer of problems. Certain phone browsers, for instance, don't work with certain enterprise gateways, and some enterprise gateways' encryption technology does not meet the security needs of banks, he says. "Sure, it's a technology that's very attractive, but there's a lot of baggage that goes with it," Hobbs says.

The carrier and the bank share a "symbiotic" partnership, Hobbs says. Well-known carriers such as Sprint, with 7.8 million wireless phone-service subscribers, offer banks access to their large customer base. "If the financial institution goes with an enterprise gateway, they essentially cut themselves from the installed [consumer] base of the carrier," Hobbs explains.

In the case of Harris Bank, Sprint provides its banking customers a convenient start-up page, from which they may access various valuable services, says Mark Dickelman, vice president of m-commerce and wireless services for Harris and its owner, Bank of Montreal. Customers--who must first be Sprint subscribers--simply activate their browser on their handset, select the financial services category from Sprint's list of wireless-Web links, and then select Harris Bank, he says.

"Having a partnership with a carrier makes a lot of sense," says Dickelman. "The carrier has a very important role in wireless banking, the banks have a very important role--they're different and they're complementary."

Beyond losing control of security, banks that agree to use a carrier's gateway are forfeiting their customer relationships, says Klante. "The carriers are trying to insert themselves between the customer and the bank." The current model is too "closed," with carriers controlling where their customer goes and what the customer sees. "Our stance is that this is just fundamentally the wrong model," he says.

However, Sprint's Reddick says Sprint is an "open" network, which allows users to specify and bookmark certain sites not associated with Sprint. "I think the customer knows that Sprint is not trying to be their bank," he says. "The bank doesn't really lose that relationship with the customer."

Despite his qualms with the current wireless model, Klante says banks shouldn't avoid offering wireless services altogether--even if it means temporarily resorting to a carrier-controlled gateway. When it comes to staying ahead of the wireless wave, something is better than nothing, he argues.

So banks should take a firm stance when negotiating partnerships with carriers, Klante suggests, and keep close tabs once that partnership progresses. "As this grows, you need to take control of the customer relationship," he says. "It would be a mistake just to let it grow and grow and then realize, 'Uh oh, I've got a problem.'"
