Payfone Combating SMS Fraud
July 03, 2017
Payfone was the keynote speaker of the second day of the Mobile World Congress (News - Alert) in Shangai. The main issue at the center of its presentation was the problem of fraud stemming from SMS messaging, specifically SMS Hijack and forwarding attacks.
Attacks of this nature were born out of the rise of one time code authorization. Many consumers experience this when logging into an app or paying on a new website from their mobile phone for the first time. It is meant as an added level of security. Users provide their log-on information and then are sent a onetime code to the registered mobile number they have provided. Entering this code serves as confirmation that the user is who they say they are.
However, this process does leave users vulnerable to SMS hijack and forwarding attacks, as hackers are able to take advantage of access gained by the sending of one time codes. Payfone has been working to develop a method that ensures the same security assurances as one time codes but also mitigates all of these potential risks.
"SMS hijack attacks are a blaring wake-up call about the dangers of sending one-time SMS passcodes," said Rodger Desai, Chief Executive Officer, Payfone. "Our Instant Authentication for Mobile solution prevents these types of hacks and moves towards the National Institute of Standards and Technology (NIST)'s recommendation to deprecate SMS one-time passcodes as a second factor of authentication."
Instead of forcing users to wait to receive a text message and then manually input a code when looking to authenticate their identity, the solution from Payfone allows users to automatically confirm who they are through the carrier settings and information. This has the advantage of being more secure (as no new lines of communication need to be opened) as well as easier and quicker for customers. It is not often that a security measure is both more secure and more convenient than its previous iteration, but that is what Payfone has been able to accomplish. This is just one more example of a way that businesses are working to protect the identities of their customers.
Article comments powered by