Don't Ditch SMS, But Change the Way You Use It:
Banks are facing a dilemma in using SMS messages to help authenticate their customers. On one hand, fraudsters are targeting such systems more. On the other, it is a method customers are accustomed to using...
IMAGE: ADOBE STOCK
Banks, like many other industries, rely on SMS-based notifications as part of two-factor authentication protocols, but there is rising pressure for them to use other methods. But should they shelve it altogether? Security experts say that is probably a step too far for now.
Ditching text messaging and shifting to a new form of authentication would likely confuse customers, security experts say. Instead, financial institutions should take a more nuanced approach, said Rich Rezek, vice president of market development for authentication solutions for the tech vendor Early Warning.
In implementing any new fraud measures, banks must always weigh the risk of fraud versus the customer experience, said Yossi Zekri, chief executive of Acuant, an authentication technology provider.
Common ways for a criminal to compromise an SMS authenticator include remotely hacking a phone and having the texts forward to a different phone, or to a computer via voice over internet protocol, Rezek said. In that scenario, the bank could utilize technology behind the scenes that observes how users behave and interact with the bank using digital devices, and send alerts when there are signs of fraud. For example, technology could detect if the device interacting with the bank is the one registered or a different mobile device or even a computer.
To read the full article please visit the link at the top of the page
Banks are facing a dilemma in using SMS messages to help authenticate their customers. On one hand, fraudsters are targeting such systems more. On the other, it is a method customers are accustomed to using...
IMAGE: ADOBE STOCK
Banks, like many other industries, rely on SMS-based notifications as part of two-factor authentication protocols, but there is rising pressure for them to use other methods. But should they shelve it altogether? Security experts say that is probably a step too far for now.
Ditching text messaging and shifting to a new form of authentication would likely confuse customers, security experts say. Instead, financial institutions should take a more nuanced approach, said Rich Rezek, vice president of market development for authentication solutions for the tech vendor Early Warning.
In implementing any new fraud measures, banks must always weigh the risk of fraud versus the customer experience, said Yossi Zekri, chief executive of Acuant, an authentication technology provider.
Common ways for a criminal to compromise an SMS authenticator include remotely hacking a phone and having the texts forward to a different phone, or to a computer via voice over internet protocol, Rezek said. In that scenario, the bank could utilize technology behind the scenes that observes how users behave and interact with the bank using digital devices, and send alerts when there are signs of fraud. For example, technology could detect if the device interacting with the bank is the one registered or a different mobile device or even a computer.
To read the full article please visit the link at the top of the page
