Many organizations rely on SMS to send consumers one-time passwords (OTPs) as a step in the two-factor authentication process. This gives them added confidence that a consumer is who he or she claims to be by sending a password to that person’s device before allowing them to access an account or complete a transaction.
However, the National Institute of Standards and Technology (NIST) recently took the stance that OTPs via SMS may not be secure, and organizations should use other identity authentication methods when doing business. Understanding NIST’s concerns about the technology, and its vulnerabilities, will allow companies to analyze their current verification systems and improve processes to fight fraud and eliminate risk.
Vulnerabilities in SMS Communication
Any time an organization requires a user ID and password in order to access information, such as an online bank account, it gives hackers incentive to launch attacks on consumers in an effort to steal those credentials. While the idea behind two-factor authentication using SMS is well intentioned, it does not end up discouraging fraudsters from hacking their way into a system.
Some of the ways criminals exploit vulnerabilities in SMS include:
The authentication system believes that it has been successful in verifying a user, but it has actually been tricked.
Secure Authentication with IDology
It is paramount that organizations strengthen their identity authentication processes to keep fraud out of the equation. IDology’s ExpectID Mobile platform gives businesses a more secure and robust solution that uses real-time access to Mobile Network Operator data combined with device and identity data.
IDology has solutions that can be customized for any organization, including tools aimed at strengthening verification for mobile. Rather than relying on outdated username and password combinations, and SMS OTPs that are insecure, implement a system which adds to your confidence that your customers are legitimate at both account origination and future access attempts.
Learn more about the benefits IDology delivers to your organization by contacting a representative today at 866-520-1234 to request a demo.