Thailand’s AIS has partnered with CIMB Thai to launch its Beat Banking mobile banking solution to support Thailand’s digital economy initiative and bring 24-hour mobile banking to its 44 million subscriber base. Its associated Beat Savings solution offers 2% interest on the account.
Applications can be made at both CIMB and AIS branches and the telco has partnered with a wide variety of touchpoints are available for deposits. Accounts can be accessed from AIS’ existing mPay platform or from www.beatbanking.com.
However within hours of the formal launch the Bangkok Infosec community was quick to point out that the e-banking website ran broken encryption.
Specifically, beatbanking.com runs HTTPS encryption but with a flawed implementation that is vulnerable to the POODLE (Padding Oracle on downgraded legacy encryption) attack that was first revealed back in October 2014. Anyone using an older browser that does not support TLS could conceivably be subject to a man-in-the-middle attack that could eavesdrop on encrypted communications.
Mr. Subhak Siwaraksa, President and CEO of CIMB Thai Bank noted that since the soft launch of Beat Savings in September 2004, more than 10,000 users have already signed up.