Consumers are becoming increasingly savvy and demanding about online security - for everything from their cloud storage and mail accounts to shopping transactions and banking. Where they should be particularly concerned is with banking security. Bank scams are on the rise, with as many as 56 serious vulnerabilities introduced to websites every year (according to a Whitehat Security Statistics Report). Did you know that there is a website which names and shames companies that do and do not support two-factor authentication? You can search by industry and see exactly which methods the companies support. Surprisingly, manybanks are not getting the stamp of approval.
It all starts with ensuring that your customer is in fact the person logging into their account, not a hacker. A widely known way to do this is through a two-step mode of identification such as SMS authentication, using a fob or high-tech methods such as fingerprinting or iris scanning. Well-known online services such as Gmail, Dropbox and Twitter are using a two-step process - or at least giving a user the option of activating this service - yet several major banks are not. The reasons cited for this choice include anything from not wanting to inconvenience web users with an SMS every time they log in, to only asking for additional identification if unusual activity is detected on an account. With other words, these prompts are governed by algorithms, not personal choice.
The tried-and-tested method still used by many banks is that of a unique and 'secret' username and password combination. Unfortunately, passwords are all too easy to crack, especially if they are weak. Therefore, more and more banks are turning to SMS authentication as the most cost effective option. Why SMS? With more than 7 billion mobile phone users in the world, it's safe to say that everyone owns a mobile phone these days, anywhere in the world. Receiving an SMS is not dependent on what handset you have or whether you have data. It also feels more personal to receive a notification on something you carry with you. If you are considering a second method of authentication for your financial institution, here are some of the benefits of SMS authentication:
SMS authentication, like any method, is not infallible. Fraudsters may get hold of a user's phone number by doing an illegitimate phone SIM swap. But it has been a popular mode of authentication for more than ten years and is certainly a cost effective way to add an extra layer of security. For more ideas on how other companies are using SMS within the Financial Industry, download our 101 uses for SMS guide.