For those that don’t know, Citi now has a mobile banking midlet that recently became available for the general public to use. When I went to the web site to sign up, I was disappointed to see that T-Mobile isn’t actually supported, even though other carriers are.
As it turns out, you can get this to work on an unsupported phone thanks to predictable sequence ids. (You can’t expect your bank to be secure and support the latest technology, right?)
Here were the steps I took to get the servie registered with the right phone number on an unsupported carrier and handset:
- Find a trustworthy friend with a supported handset and carrier (you need a pin number to login anyway, so it’s less bad than it sounds)
- Have the service send that handset a message
- Send a message to the handset whose number you want on any carrier (simply lie about the carrier when it sends the SMS)
- Add the second handset as soon as possible
- Retrieve the URL from the first handset. In my case it looked something like this: http://citimobile.da-us.citibank.com/svctl/Provisioning?rt=3&at=99&uid=12345.
- Go to the target handset and keep incrementing the number on the url and installing the application until it lets you use that number to login.
- Remove the dummy handset with the friend’s number.
Voila, CitiMobile on a T-Mobile V360.
Note: Since this technique relies upon the fact that they use predictible URLs, it helps if you do it at a time when they aren’t likely to get a lot of requests to minimize the possibility of trying to use someone else’s URL for your phone.