advertisement

FBC’s Mobile Moola Has A Serious Security Flaw: Account Holders Don’t Receive SMS Alerts When A Purchase Is Made

advertisement
FBC Bank

[Updated]

FBC have since issued their own response here.

advertisement

After going through the impressive five minutes it takes to open a FBC Mobile Moola account and linking the account with Ecocash, I decided to take it for a spin. After making a routine purchase I instinctively checked my phone to see how much had been deducted from my account.

There was no SMS alert from FBC so I just assumed it was a network issue. Although it doesn’t happen as often as it used to in the past, these glitches still happen. Sometimes the message comes several hours later or never arrives. However after using the card for a few days without receiving an SMS alert every time I made a purchase I became a little concerned.

advertisement

I quickly narrowed possible reasons for this “glitch”. Either my account was a little bit new and had not yet been completely configured or the whole thing was by design. I got in touch with FBC’s support team on Facebook and sent them a message (DM). Turns out the whole thing is by design.

Good old greed at work here

Chat Screen with FBC Over the issue

The thing is Mobile Moola is a lite banking account that does not incur fixed banking charges that normal accounts incur on a monthly basis. Instead the lite account holder is charged a fee every-time they make a transaction including checking their balance. To encourage people to check their balances, and make money in the process, FBC deliberately does not send people their account balance information every-time a purchase is made. The reward for them is an irresistible $0.15 every time you check your balance.

A glaring security hole

So why is this a big deal you ask? Well card cloning and stealing is on the rise due to the increase in use of electronic payments. There have been numerous reports of people losing thousands of dollars to card cloning thieves. The best way to mitigate the issue is to send sms alerts for every transaction. This will mean that an account holder can quickly get in touch with their bank and stop the haemorrhage at the first sign of an unauthorised transaction.

With the FBC set up a thief will have all the time in the world to clean your account without you ever being aware. That is unless you are psychic or paranoid enough to check your balance on a regular basis. In the last case the costs pile up to such an extent where the FBC Mobile Moola account ends up costing more than a regular account!

FBC can find a compromise

It doesn’t cost much to send an SMS and FBC can still charge customers say extra $0.10 to send out balance information after each payment. That way they will still make money without compromising on customers’ security. I don’t think customers would mind that extra charge. I know I would appreciate the added security.

NB As far as I know this only affects the Mobile Moola Account and not other FBC accounts. Their FBC MasterCard now has a flawless sms alert that follows every payment.

In case you haven’t bought it already, buy the Techzim Insights report on the state of the payments sector in Zimbabwe for only $9.99 via Ecocash below:


Quick NetOne, Telecel, Africom, And Econet Airtime Recharge

If anything goes wrong, click here to enter your query.


WhatsApp Discussions

Click to join a Techzim WhatsApp group:
https://chat.whatsapp.com/BoRXdrAl6ES7cnZvV30ack

If you find the group full, please notify us on +263 715 071 199 and we'll update the link.


21 thoughts on “FBC’s Mobile Moola Has A Serious Security Flaw: Account Holders Don’t Receive SMS Alerts When A Purchase Is Made

  1. Although its a pain as you described, I’d not go as far as calling it a serious security flaw. An annoyance maybe not security flaw. The existence or non-existence of an SMs alert has zero bearing on the security of your account. Yes it does help to know every time money is taken from your account (convenience), but that’s an additional service on top of a probably secure banking platform. Your article title gives a totally different impression.

    1. I like to think of it as an alarm of sorts. Whether your door is locked or unlocked an alarm is still a security feature if it alerts you whenever there is entry

      1. Garikai Dzoma, I have no doubt that you need basic training in journalism. News is what is happening and not what has happened. How can you prepare an article based on a Facebook Chat which you had on 22 September 2018. Today is 14 November 2018…Honestly? Please be serious enough to respect your readers and the Techzim image! Where is the FBC Voice in the article?… dololo

  2. the title security flaw is not worthy the story, This is a nice to have feature not a security flaw, security can not depend on a standard that has an acceptable delivery time of 48hrs and is not reliable. Chances of double charges are highly likely as you will be charged for getting that sms and at the same time u may receive it late and u will do the balance enquiry and be charged again, when this happens this becomes a problem beyond anyones control as it will still be within the sla for sms delivery.

    1. When it comes to security it’s the little things that matter. Not having the feature degrades security in this case there is no doubt about that. In Zimbabwe SMS remains an important form of B2C communication unreliable as it is. The fact that FBC relies on sms to send you the balance anyway when you do check your balance rubbishes the idea that they’re not using it because it’s unreliable. In fact they use SMS to deliver the OTP you need to complete MasterCard transactions when they are handled by lesser known card processors.

  3. Mine i get a notification email every time I make a transaction. You are telling the truth don’t misllead people

    1. To be clear we are talking about mobile moola here not all FBC products. I know a lot of people with these accounts none receive any alerts whatsoever. Even FBC is confirming this in the communication shown above

        1. Well they charge you $0.15 every time you check your balance so that’s actually less than you would otherwise be charged

  4. Garikai Dzoma, I have no doubt that you need basic training in journalism. News is what is happening and not what has happened. How can you prepare an article based on a Facebook Chat which you had on 22 September 2018. Today is 14 November 2018…Honestly? Please be serious enough to respect your readers and the Techzim image! Where is the FBC Voice in the article?… dololo

  5. Haa apa Gari wanyora kunge this other dude you used to have at TechZim. It seems you feel strongly about SMS’s you deemed your opinion fact. Its not a fact that not having SMS alerts on an account is a serious security flaw, if that were the case then it should have been mandatory across the entire banking sector to have SMS alerts enabled.

        1. Enlighten me please maybe I am missing something. This is a Mobil e account I ticked every box so did my friend so no I did not miss any option. Yet I did not receive alerts.

  6. Steward back is exactly the same. They charge at every corner, mini statement they charge, check balance (even when it daily) they charge.

Comments are closed.