I’ve got a friend who got rid of his land-line phone a few months ago. We were discussing telephone banking the other day. I’ve always assumed that it’s not a great idea to perform financial transactions over a cell phone – broadcasting account numbers, PINs and other sensitive info over a wireless phone just seemed, well, unwise. Like sending credit card numbers over email or something.
He says it’s no big deal – that someone would have to go to a lot of trouble to try and get ahold of that info, because cell calls are under some level of encryption.
So what’s the straight dope? How easy would it be for someone with nefarious intent to find out your PIN by listening in on a cell phone call?
In the good ol’ days of analogue mobile phones, anybody with the right receiver could tap into your calls. Nowadays, it’s all digital with some encryption. And it’d be a crazy amount of hassle for someone to sit listening into calls waiting for a telephone banking one, when there’s so many easier ways to get hold of enough information to commit fraud.
I guess it could actually be easier for them to tap landlines - where they leave the building above ground, it’d be easy to access them.
Well, usually the only things you can do over the phone are check your balance, see if checks have cleared, or transfer money from savings to checking etc.
So until cellphones, along with being cameras, gameboys, and mp3 players, become ATMs containing Star Trek-like spendable ‘credits’ how much harm could anyone really do?
You’d get account numbers and PINs from my bank. You’re right – there’s probably not a lot one could do with that. (Although I’m sure some more creative minds out there can tell me how very much “not a lot” is.) More broadly, though, I was wondering if it’s safe to type credit card numbers and other sensitive info into a cell phone. Sounds like it is, at least reasonably so.
Well your online password is never the same (or shouldn’t be) as your ATM PIN number. As far as credit card numbers I’d be more worried about the cellphone storing the CC number in its readable by anyone LCD display than any potential data interception.
If your phone uses CDMA (Verizon, Sprint PCS, Alltel, some others), you have nothing to worry about. If it’s another digital system, you probably still have nothing to worry about - they’re less secure, but still pretty safe. Eavesdropping on digital cell phones is so complicated that only government agencies would have the time and equipment to do it, and they can just tap your line at the phone company’s end anyway.
Note that CDMA doesn’t protect a digital cell call 100% from end to end. If you tap into the right places along the way, you can record a call. The Government does this all the time for wiretapping purposes. Note that it requires “cooperation” from someone in the phone company. Such “cooperation” may not be legally sanctioned.
It’s just a higher-tech version of having a buddy at the old copper phone company who sets up a tap on your ex’s phone line so you can stalk them.
In security, people are always the weakest link. And you can’t avoid them.
All cell phone base station equipement in the US has to be designed for easy wire tapping from the government. In this regard it is no different from landline equipment.