Telephone vs. Internet Banking

 Several people I know have expressed concerns recently over Internet banking. The news and other media are always running stories on how insecure the Internet is, but lets not forget that it beats the other methods of remote banking by a long shot.

Telephone banking, an alternative considered safer by many, is far from that. When using an Internet Banking site, your communications are encrypted with a strong symmetric encryption key, negotiated between the bank server and your web browser based on SSL (Secure Sockets Layer). Typically 128-bit keys are used, which are sufficiently secure to resist attack given today’s average computing power.

On the phone, however, there is no security at all. In many cases, operators, engineers and telephone hackers can listen in on any call they choose, alter the contents, and replay the calls at a later date. SSL-based Internet transactions are protected from such attacks by the implementation of SSL itself, but telephone banking is considerably less secure.

Perhaps, instead of scaring the world with stories of security lapses, thousands of credit card numbers being released and similar, it would be useful to show just how much Internet Banking has added to the security of transactions, and how banks fare online every single day, resisting attack from countless adversaries.

Maybe then, people would be less afraid of the Internet, and learn of the true dangers; sending bank details by e-mail, phishing attempts which involve requesting private information through unauthorised channels.

Security as a whole would be improved by reducing the scaremongering and emphasising what really matters!