Why does my digital bank need my phone date and hour to be correct?

One of the reasons can be the use of digital signatures. If the time on your phone differs significantly from the actual current time, this may cause your phone to reject signatures made by the bank server, or your bank to reject signatures made by your phone.

Why is "Automatic Date & Time" important? Of course, the internal time representation on the phone (milliseconds from 01.01.1970 till now) does not depend on the time zone. But it depends on what you do with this. Suppose you are in the time zone ACT = GMT-5. Suppose your local time is 4:00 ACT, which is 9:00 GMT. Now suppose you disabled "Automatic Date & Time" and set the current time zone explicitly to GMT. Your phone immediately shows 9:00 instead of 4:00. The internal time representation still remains unchanged; only the GUI representation changed.

But now you see that 9:00 on your phone differs from the time on your friend's phone. So, you manually set the time to 4:00. Now both your phone and your friend's phone show 4:00. But your friend uses ACT = GMT-5, whereas you use GMT. Thus, the internal representation of the time on your phone is 5 hours behind the real time.

In such a case, even if the bank allows a tolerance of ±1 minute, this will not be sufficient. Any operations where time comparison is involved will fail.


There are security reasons why your bank may expect your mobile to have automatic date and time enabled. This will include protection against replay attacks, where each request includes a timestamp, which is validated on the server side.

Having said that, time zones should have nothing to do with it. If you go abroad and can't use your bank mobile app, I'd suggest you call your bank and make a complaint. To me it sounds like the original mobile app requirements might have been correct, but the implementation ended up with a defect.
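The scenario from the first two answers, worked through as an added example that is not part of either answer or of any bank's code: it computes the epoch time a phone ends up with for a given on-screen time and zone setting, then applies a server-side timestamp check with the ±1 minute tolerance mentioned above. The function names, the date and the 2-minute replay delay are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

TOLERANCE = timedelta(minutes=1)  # the +-1 minute window from the first answer


def device_epoch(wall_clock, zone_offset_hours):
    """Epoch seconds a phone stores when its screen shows `wall_clock`
    (naive datetime) and its zone setting is `zone_offset_hours` from GMT."""
    zone = timezone(timedelta(hours=zone_offset_hours))
    return wall_clock.replace(tzinfo=zone).timestamp()


def check_timestamp(request_ts, server_now, tolerance=TOLERANCE):
    """Server-side freshness check. Returns (accepted, skew_in_seconds).
    The window also bounds how long a captured request stays acceptable."""
    skew = request_ts - server_now
    return abs(skew) <= tolerance.total_seconds(), skew


# Constructed scenario: the real time is 09:00 GMT, which is 04:00 in GMT-5.
SERVER_NOW = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc).timestamp()
ON_SCREEN = datetime(2024, 3, 1, 4, 0)  # what both phones display


def run_scenarios():
    cases = {
        # Zone and clock both correct: epoch matches the server.
        "automatic time, zone GMT-5": device_epoch(ON_SCREEN, -5),
        # Zone forced to GMT, then clock typed in as 04:00: epoch is 5 h behind.
        "manual 04:00, zone set to GMT": device_epoch(ON_SCREEN, 0),
        # A valid request captured earlier and sent again later.
        "request captured 2 minutes ago, replayed now": SERVER_NOW - 120,
    }
    return {name: check_timestamp(ts, SERVER_NOW) for name, ts in cases.items()}


if __name__ == "__main__":
    for name, (ok, skew) in run_scenarios().items():
        verdict = "accept" if ok else "reject"
        print(f"{name:45} skew={skew:+9.0f}s  {verdict}")
```

Both phones show 04:00, but only the one whose zone setting matches its location produces an epoch value the server accepts; the other is rejected by the same check that rejects the replayed request.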


In addition to Tim's answer, I would add that it also has to do with how SSL Certificates are verified.

If you log onto your computer instead of your phone, and change the date and time on your computer so that it doesn't match your current location time zone and time, you will run into all kinds of errors when you simply browse the internet. That's because the SSL certificates used to verify websites are not permanent, and there is a time comparison that happens within your internet browser (Firefox, Chrome, etc.) to make sure that the SSL certificate the website uses is CURRENTLY valid.

If the system doesn't know your accurate current time, it can't verify the current validity of the security certificates used by the sites you are trying to access. The same would be true for accessing a banking app on your phone, because the app connects to a server that uses certificates to verify its authenticity.
