Banks are safe, right?
Of course they are – check out the thick walls, the cameras, perhaps even an armed guard or two.
Though your typical savings account doesn’t necessarily have a great rate of return compared to other investments, common thinking is that a bank is at least a safer place for your wealth than your mattress.
However, in the last few years, a big vulnerability has emerged for the banking system: cybercrime. Instead of a person with a gun holding up a local branch for whatever cash is on hand, cybercriminals have accessed larger financial networks and made away with much larger hauls.
Though individual accounts are still protected from these losses, the industry continues to look for ways to deter these crimes and make sure these institutions remain secure. One method, called authentication, requires account holders to provide more information beyond user id and a password to access an account.
There are several different types of authentication, but one in particular is gaining popularity: texting a short randomized number to a customer when they want to set or reset their password, or sometimes at every login. Here’s why SMS authentication continues to make sense:
- Customers are already proficient at texting. Rather than implementing a new system that might be a challenge to learn or add extra inconvenient procedures, users are asked to do something they already know how to do well: receive texts on their mobile devices. SMS software is also not especially expensive or difficult to implement, which might also appeal to budget-conscious banks.
- It reduces internal risks. One of the biggest cyber bank frauds was perpetuated by a multinational group of thieves. Their heist involved sending bank employees emails which looked official but took the recipient to a false site that infected the bank’s computers and made it easier for them to access network information and learn the system. Once they observed the process, they figured out the transfer and rerouting procedures and arranged the transfer of millions of dollars.
- It’s easier than alternative authentication methods. Ideally, every customer has unique physical features that can verify their identity, such as fingerprints or retinas, and, with the exception of spy movies, these are both hard to counterfeit. This type of identification, called biometrics, may work well at a neighborhood branch, especially if a patron is familiar to the staff, but may be tricky at the online level and also require precise hardware to read and verify. Thorsten Trapp from InfoSecurity magazine said a big flaw in biometrics in the financial world is that little things like a cut finger or eyeglasses could cause the machines to reject the correct user.
- Many passwords are considered weak. SplashData’s list of some of the most commonly leaked passwords in 2014 included “123456” “qwerty” and “password1.” Other easy-to-guess passwords include birthdays, birth years, favorite sports, and pet names. Passwords can be easily purchased or shared online, but two-party authentication requires additional info in case someone guesses or cracks the password.
- Other industries use it already. Mario Aguilar from Gizmodo points out that online providers like gmail, Dropbox and Twitter routinely use SMS authentication for people signing up for new accounts or those wanting to change their account info. This verifies that the user is the correct person and not someone with just the password trying to access their account. He does compliment some financial providers and credit card companies which have already switched to SMS and various authentication methods, such as Bank of America and Chase, but urged the others to come around. Or some may use it for larger or unusual transactions but not for routine business.
- It gives banks a chance to communicate better to customers. Instead of simply saying “here are some new rules,” banks can use the opportunity to let their customers know the ultimate reason – to make sure their money and the bank’s finances are both secure. Eric Griffith from PC said that being secure isn’t easy, and cyber criminals are counting on banks dragging their feet about implementing better security processes which some may fear would greatly inconvenience their customers. He said customers may even feel more secure if banks require them go through an extra screen for verification.
- It’s going to get worse. John Ginovsky from BankingExchange wrote that cyber criminals have found more and more vulnerabilities in financial systems, and 2015 was an especially challenging year. Security analysts are predicting that 2016 will see even more threats, everything from malware to ransomware. This could include sophisticated attacks through entire networks to even taking control of ATMs. So a company that invests in internal and external security, including SMS authentication, will be better protected than an institution that hopes it all goes away.
For more SMS strategies for banking systems, visit Trumpia.com.