Is Entering Personal Information via Phone Banking Keypad Secure?

Many banks require customers to enter their customer number, internet banking password, and date of birth via the phone keypad before being connected to a staff member. This raises concerns about the security of personal information and the potential risks associated with this method.

When using the phone keypad, each detail entered is followed by the # symbol. These details, including the customer number, password, and date of birth, may remain on the screen for the duration of the phone call, depending on the phone being used.

Furthermore, transferring money via phone banking does not always require 2-step authentication, unlike using the banking app or website. This lack of additional verification raises questions about the overall security of the phone banking method.

In the context of a smartphone, there are concerns about the ease with which malware, spyware, and keyloggers could extract the numbers separated by the # symbol. This would potentially grant unauthorized access to the associated bank account.

However, it is worth noting that keyloggers on smartphones do not pose the same level of risk as keyloggers on PCs due to app sandboxing. Rooting the device, installing a custom (malicious) keyboard, or side channel attacks might still allow for such a security breach.

In my experience, banks often require an extended authentication process when adding a new recipient for money transfers via phone banking. This additional step adds a layer of security and reduces the risk of unauthorized transactions.

While there may be some security concerns, it is unlikely that simply visiting a malicious website on a smartphone would result in keyloggers extracting sensitive data. The risks associated with phone banking keypad entry are generally lower than those associated with less secure PCs.

For more information, you can refer to the following resources:

Leave a Reply

Your email address will not be published. Required fields are marked *