First Interstate Bank, a regional bank with 50 locations and 100 ATMs in Montana and Wyoming, has launched a mobile banking site at firstinterstate.mobi. The bank is doing a good job of promoting the site with a prominent ad on their web home page and an extensive video tutorial.
Themobile site has ATM and branch lookups which do not require a login to use and include maps, driving directions and, for the branches, hours and click to call phone numbers.
First Interstate customers who have registered for mobile banking have access to most of the usual online banking features; viewing balances, lists of transactions and pending activity, details of individual transactions and transferring funds between accounts. About the only thing you can't do is pay bills.
Mobile banking tends to be overly complicated due to security concerns. First Interstate is using an approach I haven't seen before that seems relatively user friendly and very secure. The process works like this:
- Register for mobile banking on the bank's PC website. You need to provide your mobile number, mobile provider and a four digit mobile banking pin.
- You will recieve a text message containing a link to a one-time mobile banking URL and a six digit one-time password . Click the link and enter your login ID and mobile pin. The one-time password is only needed If your phone or provider doesn't allow you to click on links in URLs, in which case you have to go to firstinterstate.mobi and enter your ID, one-time password and mobile pin
- Each time you successfully log into mobile banking the bank sends a new SMS with a new one-time URL and password. If you don't receive the SMS or accidentally delete it, there's a button on the mobile login screen to request a new one.
The use of something the user knows (the mobile pin) and something the user has (the mobile phone containing the one-time PIN or URL) makes this a two-factor authentication system. Bank auditors generally insist on two factor authentication for mobile banking. Other mobile banking solutions have implemented two-factor security using a downloadable app with embedded unique identifier or cookies. I've also seen systems requriring the user to answer a secret question chosen at random from a list of questions and answers submitted by the user at signup which isn't really two-factor as both the PIN and secret question are both things the user knows. The solution used by First Interstate is more portable than requiring the user to download an application which would only work on some phones, much more reliable than cookies and more user friendly than the secret question approach. The downside is that the user has to pay for receiving a text message every time they use the service.
If any of my readers have used First Interstate's mobile banking, I love to receive comments about how well it works and if the cost of the text messages is a concern.
Mobile Link: firstinterstate.mobi
Ratings: Content: Usability:
Filed In: Business/Banking and Payments