SMS authentication in banking
Consumers are becoming increasingly savvy and demanding about online security - for everything from their cloud storage and mail accounts to shopping transactions and banking. Where they should be particularly concerned is with online banking security. Bank scams are on the rise, with as many as 56 serious vulnerabilities introduced to websites every year (according to a Whitehat Security Statistics Report). Did you know that there is a website which names and shames companies that do and do not support two-factor authentication? You can search by industry and see exactly which methods the companies support. Surprisingly, many banks are not getting the stamp of approval.
Login notifications are the baseline of good security
It all starts with ensuring that your customer is, in fact, the person logging into their account, not a hacker. A widely known way to do this is through a two-step mode of identification such as SMS authentication, using a fob or high-tech methods such as fingerprinting or iris scanning. Well-known online services such as Gmail, Dropbox and Twitter are using a two-step process - or at least giving a user the option of activating this service - yet several major banks are not. The reasons cited for this choice include anything from not wanting to inconvenience web users with an SMS every time they log in, to only asking for additional identification if unusual activity is detected on an account. In other words, these prompts are governed by algorithms, not personal choice.
Passwords are easy to guess, crack, buy, sniff, phish? The list goes on!
The tried-and-tested method still used by many banks is that of a unique and 'secret' username and password combination. Unfortunately, passwords are all too easy to crack, especially if they are weak. Therefore, more and more banks are turning to SMS authentication as the most cost effective option. Why SMS? With more than 7 billion mobile phone users in the world, it's safe to say that everyone owns a mobile phone these days, anywhere in the world. Receiving an SMS is not dependent on what handset you have or whether you have data. It also feels more personal to receive a notification on something you carry with you. If you are considering a second method of authentication to secure your online banking service, here are some of the benefits of SMS authentication:
Affordability: Compared to hardware-based options like fobs, SMS authentication is much more cost effective.
Always on: A fob can easily be misplaced or lost while a phone is always with you.
User experience: The online banking experience isn't compromised - customers receive a one-time password without delay and type that into their browser.
Easy to implement: This method of authentication is relatively quick and easy to roll out.
Reliable: SMS service providers have relationships with major phone networks to ensure that SMSes are delivered instantly, to almost any country in the world.
All you need is a phone number: SMS authentication is easy to implement because all you need is a user's (opted in) phone number.
SMS authentication, like any method, is not infallible. Fraudsters may get hold of a user's phone number by doing an illegitimate phone SIM swap. But it has been a popular mode of authentication for more than ten years and is certainly a cost effective way to add an extra layer of security. For more ideas on how other companies are using SMS within the Financial Industry, download our 101 uses for SMS guide.
Explore other articles
Step into the future of business messaging.
SMS and two-way channels, automation, call center integration, payments - do it all with Clickatell's Chat Commerce platform.
