
Financial SMS: Is that you?

Conventional SMS Authentication

Most banks in first world countries offer some form of online banking to their users.

The challenge banks face is the ever-changing landscape of cybercrime. Originally this led to the use of a second form of authentication; however, cyber criminals now have known routes for exploiting this older security process, so another means of enhancing online security is required.

Cyber criminals have found, for example, that an easier way than beating a bank system is to use ‘social engineering’, an established technique of playing on the feelings and weaknesses of people; in this case, the online and phone-based support workers.

This new exploitation is based on two processes: first collecting user data, and then contacting a bank while stating they have lost their phone. As with coercive marketing techniques, they mention, and sometimes play audio of, a child crying, saying that they need to transfer money or access their account quickly to feed their child.

If they find out that they need access to a mobile phone for verification, it becomes more of a challenge for them. At this point they either give up or find a way in by hacking the phone. There are so many applications on a modern phone that are not up to date that they usually get access through exploits. All they really need to know first is the target's number, which can usually be found online or by searching bins.

Many banks give customers random code generator devices to help mitigate these types of attack; however, they cost money to implement and replace, and the weakest link is still the bank employee.

What’s the future of Financial SMS Authentication?  

Since the bank employee is the weakest link, there needs to be another form of security, and luckily there is. Financial SMS utilises a 2-way SMS conversation. It can help with identifying the person while also taking the bank employee out of the loop during security checking.

In addition to authenticating a user, such systems can now have a threshold limit set for the user in the database, so that events deemed out of the ordinary are automatically flagged to the bank and the payments frozen.

If a cybercriminal has cloned or spoofed your phone, then both parties will get the message, and a purchase that has been started can be disputed and is quickly halted for authentication. In this way the user can stop transactions that are paused for confirmation.
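The hold-and-confirm flow described above can be sketched as follows. This is an added example, not code from the article or from any bank's system; the threshold value, the hold timeout, the YES/NO reply format and the `send_sms` gateway hook are all assumptions made for illustration.

```python
import hmac
import secrets
import time

THRESHOLD = 500.00   # assumed per-user limit; the article gives no figure
HOLD_TTL = 300       # assumed seconds a held payment waits for a reply


class TwoWaySmsGate:
    """Freezes out-of-the-ordinary payments until the account holder replies."""

    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms  # hypothetical gateway hook: send_sms(number, text)
        self.now = now
        self.held = {}            # registered number -> pending confirmation

    def submit(self, number, amount, payee):
        if amount <= THRESHOLD:
            return "APPROVED"     # within the user's limit, no SMS needed
        code = f"{secrets.randbelow(10**6):06d}"   # one-time code bound to this hold
        self.held[number] = {"code": code, "expires": self.now() + HOLD_TTL}
        self.send_sms(number, f"Pay {amount:.2f} to {payee}? Reply YES {code} or NO")
        return "HELD"

    def on_reply(self, number, text):
        pending = self.held.get(number)
        if pending is None:
            return "NO_PENDING"
        if self.now() > pending["expires"]:
            del self.held[number]
            return "EXPIRED"      # unanswered holds are never released
        words = text.strip().upper().split()
        # NO needs no code, so the genuine user can halt a payment they did not start.
        if words[:1] == ["NO"]:
            del self.held[number]
            return "CANCELLED"
        if (len(words) == 2 and words[0] == "YES" and
                hmac.compare_digest(words[1].encode(), pending["code"].encode())):
            del self.held[number]  # single use: the code cannot be replayed
            return "RELEASED"
        return "HELD"             # unrecognised reply: payment stays frozen


if __name__ == "__main__":
    gate = TwoWaySmsGate(lambda number, text: print(f"SMS to {number}: {text}"))
    print(gate.submit("+15550100", 899.00, "Console Store"))  # constructed sample values
    print(gate.on_reply("+15550100", "no"))
```

No bank employee takes part in the decision: a payment above the limit is released only by a reply carrying the code sent to the registered number, and anything else leaves it frozen or cancels it.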

The current state of the art is the development and roll-out of passive monitoring to ensure you are in the location where you are expected to be. GPS, behavioural, and biometric data from smartphones will be used and, while not perfect as it requires the consent of the user, it may help stem cybercrime further.

If this monitored data predicts that you should be at a coffee shop or gym on Saturday purchasing refreshments, why are you trying to purchase a games console if you have never purchased anything similar before? This, plus location and multifactor authentication, may help identify anomalies and work hand in hand with 2-way SMS to close the ambiguity loop that allows cyber criminals to operate.

It is likely that financial SMS services will gain further momentum over time and will increasingly complement other verification systems. Banks already know that the human nature of support staff is a weak link in cybercrime. Only by retrieving more data from the user and cross-referencing it with behaviour patterns and other banking models will online banking and account accessibility be secure.
