Modern mobile identity: Moving away from SMS-based authentication
•
0 likes•138 views
Why should banks wave goodbye to authentication via SMS-OTP? Authentication via SMS-OTP is considered outdated because of higher overall costs, low user convenience, and insufficient regulatory compliance in specific geographic regions, but primarily for practical security reasons. Banks and financial institutions should phase out this method and replace it with more secure user authentication, such as via mobile apps or hardware tokens.
Recommended
More Related Content
Similar to Modern mobile identity: Moving away from SMS-based authentication
Similar to Modern mobile identity: Moving away from SMS-based authentication (20)
More from Wultra
More from Wultra (8)
Recently uploaded
Recently uploaded (20)
Modern mobile identity: Moving away from SMS-based authentication
- 1. CONTACT Petr Dvořák email: petr@wultra.com phone: +420 728 727 714 Modern mobile identity: Moving away from SMS-based authentication
- 2. We help the leading banks and fintech companies to secure their digital systems and bring trust to customer journeys. 2014 Founded 550+ References 5 Continents Powered by
- 3. SMS OTP
- 4. Tragically Insecure Phishing Since the codes must be rewritten to related applications, they are susceptible to phishing. SIM Swapping Due to insufficient KYC processes at telco, incorrect user may obtain the SIM card. Android Malware Standard features of the Android OS allow reading SMS messages or screen contents (accessibility). Telco Infrastructure The SMS infrastructure is antique and therefore, messages may travel or be stored unencrypted.
- 5. And More Issues… Way Too Costly The more your users use your systems, the more you pay for SMS delivery. Hard to Read Since the text in SMS message is not formatted, it is not easy to review the operation. Hard to Use Since the code from SMS has to be rewritten, there is additional friction in user experience. Low Compliance Regulatory frameworks such as PSD2 are suggesting shift away from SMS codes.
- 6. There has to be a better way!
- 7. Mobile Token PSD2 Compliant Strong Customer Authentication
- 8. Just Use a Mobile App… ➡ Secure and compliant ➡ User-friendly ➡ Cost-effective ➡ Branded experience
- 9. Digital Onboarding ➡ Access within 5 minutes ➡ User-friendly, mobile-only process ➡ Personal ID and facial biometrics
- 10. Customer Authentication ➡ Login and payment confirmation ➡ Biometrics or PIN code ➡ Dynamic linking
- 11. Mobile Security ➡ Multiple layers of security ➡ App Shielding ➡ Persistent malware protection
- 12. Mobile token is as simple to introduce as SMS OTP. "
- 13. SMS OTP Telco System Infrastructure Your Digital Banking Backend Applications Send SMS OTP SMS Gateway System SMS App Rewriting 12345678
- 14. Mobile Token Mobile Token Infrastructure Your Digital Banking Backend Applications Cloud or On-Premise RESTful API Create Operation Push Notifications Rich Mobile App Confirming
- 15. Straightforward Technology POST /v2/operations { "userId": "user-1232", "template": "payment", "parameters": { "amount": "2443.54", "currency": "EUR", "account": "34842343208/5500" } } developers.wultra.com
- 16. For Mobile and Web SDK SDK APP Mobile Banking Internet Banking
- 18. Joyful Painful Expensive Cheap Mobile Token SMS OTP Card Reader USB Token OTP Generator
- 20. Just Use a Mobile App… ➡ Secure and compliant ➡ User-friendly ➡ Cost-effective ➡ Branded experience
- 21. Thank You! CONTACT Petr Dvořák email: petr@wultra.com phone: +420 728 727 714