Sending PINs over SMS

It seems a bit odd to me that you send PINs via SMS.

SMS is known to be consistently very insecure, and a reasonably motivated person can intercept them without too much difficulty.

My phone also doesn’t consider SMSes to be particularly sensitive, so it syncs them with all my Apple devices. Deleting a message from one doesn’t delete it from the others, so my less-regularly-used devices probably still have my current PIN visible on them!

It seems to me that it’d be much more secure to display the PIN once within the Mondo app. The app’s comms are encrypted & authenticated, and it can make sure to discard the data immediately after the user has dismissed it.

What was the reasoning here?

6 Likes

You’re right, sending the PIN via SMS is far from ideal, and we will make it through the app at some point.

The reason we did it that way was mainly pragmatic (call it alpha if you will): SMS works out of the box without any kind of user interface around it, plus we thought the majority of users would change their PIN via ATM during the first days of use anyway.

But I take your point on iCloud syncing and Messages. That’s a bit of a mess. We’ll do it better :slight_smile:

8 Likes

Just to add to this, it’s comically easy to take over someone’s phone number, intercept or access their pending SMSes through the carrier. It should be used for verifying the phone number only.

1 Like

To be fair, they would need your card to do any actual damage. Getting your PIN number via SMS sounds great. Post can be a nightmare!

2 Likes

You can do it virtually without it being insecure. Showing it in-app is one possibility which is better than SMS, but I’m still not convinced it should be possible to access from their servers.

Maybe as a one-time thing when resetting to a new PIN though.

I guess some time soon the app will have its own secured inbox/chat for all communication. But for alpha, as stated, SMS is really quick for receiving the PIN, and the next day it was just a matter of visiting an ATM to change it.

Nowadays even WhatsApp has end-to-end encryption, so I guess Mondo will need that too for the whole app and make some changes to communication with users. Hope to see an update soon!

You could change the SMS type to 0; a Flash SMS.

A Flash SMS is a type of SMS that appears directly on the main screen without user interaction and is not automatically stored in the inbox.

I recently encountered Flash SMS when signing up for Gov.uk Verify through the Post Office. They use Flash SMS to generate your one-time passcodes to log into Gov.uk Verify services.

2 Likes

That’d be an improvement, but it’s still not a secure protocol. There are also some usability issues with flash SMSes. Also not sure if Twilio allows you to do that.

I understand that in the future PINs will be sent in a different way than the SMS method used in the alpha stages. But I still feel sending PINs via post is probably still the safest way. Postal services are still very secure (I mean the Mondo cards are actually sent that way), so a secondary letter (sent on a different date) containing a PIN which prompts the user to change it the first time it is used at an ATM would still be a safe method.

I would say using the postal service for delivery of the card and PIN is a kind of way to verify the user does live at that address, preventing fraud. But as Mondo is moving to the next level of modern banking, their process for being secure and also flexible to new technology is still “in beta”. Hope they learn from this alpha test and are as secure as possible when they start the banking features!

Hmm, I kind of disagree with a lot of people here.

The physical card is delivered through the post.
The PIN is sent via a totally different channel: SMS.

This makes sense from a security standpoint. If they post your PIN to you, realistically it will need to come around the same time as your card, otherwise the card will be useless for ages. Now, if your post was intercepted (for whatever reason: dodgy postman, neighbours, delivered to the wrong place) then they will in theory be able to get the two pieces of important information.
The card is useless without the pin, and the pin is useless without the card.

As such, two different methods of delivery actually support a secure model. A postman couldn’t intercept the text, but could intercept a card. A hacker or whatever may be able to intercept your SMS / get it off the cloud, but they wouldn’t have the physical card.

The company I work for (can’t name them, but they are FCA regulated and part of the FTSE 100) deals with a lot of sensitive information. If we are going to send something via post, we will ensure the second part (the digital key, for example) is sent via a totally different medium to remain secure. While one could be intercepted, it’s unlikely both totally different channels would be.

As such, for all SMS’s faults, it’s about as secure as the postman… both are insecure. But combine the two together and you’ve got a really secure delivery mechanism.

27 Likes

I agree with @snook - prefer having the card sent through the post and the PIN on the phone. To me this feels safer than both through the post.

4 Likes

Or do what number26 does and allow you to set the PIN from the app when you activate the card.

3 Likes

Many prepaid cards do SMS PIN codes; you’re supposed to change it when you receive it, so a text is okay. It doesn’t matter, as the card is contactless you can use it without someone stealing your PIN.

Revolut seem to have a nice solution for PINs. Maybe use something similar.

In my experience, they really don’t. My Revolut card remains unusable because the PIN won’t sync between the network and card. :frowning2:

I had the same. Putting it into a cash machine to get the balance appears to have solved it.

I think this is a mountain out of a molehill. PIN by SMS worked great. It’s quick and efficient, and someone taking over my phone to get the PIN and wrestling my card out of my hand is a very, very unlikely combination of events.

3 Likes

PIN over SMS is brilliant: no waiting three days after your card arrived for a PIN number, fast and efficient, as well as not having to destroy a PIN letter, just delete the text. I agree with most people on here. Really, if you are concerned about security, go to an ATM and change your PIN, simple!

2 Likes

Guys, if you aren’t manually updating your PIN to something personal once received, then I feel you have more to worry about.

PIN over SMS was brilliant, as was the in-app notification/confirmation of the PIN change at the ATM.

In-app secure messaging could be better, I suppose, but still better than snail mail.

1 Like