HELSINKI, FINLAND - In snowy Finland, home to cell-phone giant Nokia, the five million inhabitants there love the wireless life so much that 62% of Finns have GSM-based mobile phones. So it's not surprising that Finland's second largest bank, Leonia, wants to make its online banking services available through wireless handheld devices.
But security issues loom large since Leonia wants to be able to check the user's identity and encrypt the wireless traffic, especially since the bank is rolling out a raft of new services in a few months, such as online stock trading.
"A full 25% of our 325,000 customers already use our online Internet banking services for paying bills, checking balances or applying for loans on the Internet," says Matti Inha, vice president of Leonia Bank. Inha says the new wireless banking services will also add online stock trading and mutual funds investment, which could all be done through mobile phones or devices supporting the Wireless Application Protocol (WAP).
An industry standard, WAP forms the basis for a minibrowser in wireless devices that use WAP's so-called Handheld Devices Markup Language - a stripped-down version of HTML without the graphics - to display Web information. It also support a wireless version of the Web's Secure Sockets Layer, but is modified to work faster than SSL over the low-speed wireless connections.
The Nokia Model 7110 and the Ericsson R320 support WAP, says Timo Laaksonen, vice president of wireless security marketing at Sonera SmartTrust, the security-technology subsidiary of Sonera, the Helsinki-based data and mobile telco service company. Sonera is teaming with Leonia Bank to develop the wireless banking applications.
In addition to WAP, any phone that supports the so-called Phase II GSM phones with a Subscriber Identity Module - a smart card for information on the owner and storage space for a personal phone book - can also use the Leonia Bank wireless applications.
But whether its customer uses a SIM or MAP phone, Leonia will require the phone be upgraded to use a digital certificate to provide security in the wireless financial transactions.
The digital certificate will provide user authentication, encrypt the user's transaction, and ensure it wasn't tampered with, Laaksonen says. For the Leonia Bank applications, Sonera selected the CyberTrust certificates. "The CyberTrust technical platform is well-suited for large numbers of certificates, and we expect to support anywhere from half a million to two million," Laaksonen says.
Getting the certificates in the hands of the mobile phone users will be a challenge, but Leonia Bank will be emphasizing the role the certificates play in preventing fraud when used in financial transactions.
"Other Finnish banks are just using passwords and pin numbers, but this is better," Inha says. The bank is still mulling over the service charge for its wireless banking services, which will probably be set at around 20 Finnish Marks per month.