CEE22: Moving away from SMS-based authentication

“Let’s kill SMS OTP as authentication method” – this was the key message given by Petr Dvořák from Wultra (Czech Republic) during his presentation at the latest CEE22 SME Banking Conference in Prague.

He pointed out that over half of the banks in the Central European region still use SMS OTP as their primary type of authentication.

What are the disadvantages of using SMS OTP authentication?

  • Phishing (since the codes must be retyped into the relevant application, they are susceptible to phishing).
  • SIM Swapping (due to insufficient KYC processes at the telco, someone other than the legitimate user can obtain the SIM card).
  • Android Malware (standard features of the Android OS allow reading SMS messages or, via accessibility, screen content).
  • Telco infrastructure (the SMS infrastructure isn’t modern, and therefore messages may travel or be stored unencrypted).
  • Low compliance (regulatory frameworks such as PSD2 suggest a shift away from SMS codes).
  • Hard to read (since the text in the SMS message is not formatted, it is not easy to review the operation).
  • Hard to use (since the code from the SMS has to be retyped, there is additional friction in the user experience).
  • Too costly (the more customers use the systems, the more companies have to pay for SMS delivery).

What is a better way to do authentication? Petr suggests using a Mobile Token (PSD2-compliant Strong Customer Authentication).

What are the benefits?

  • A single mobile app that is secure and compliant, user-friendly, cost-effective, and offers a branded experience.
  • Digital onboarding (with access within 5 minutes, mobile-only process, personal ID, and facial biometrics).
  • Customer authentication (with login and payment confirmation, biometrics or PIN code, and dynamic linking).
  • Mobile security (with multiple layers of security, app shielding, and persistent malware protection).

Petr stressed that implementing a Mobile Token is as simple as introducing SMS OTP. There are not many differences between the two infrastructures, because all these types of solutions have been commoditized. In addition, he mentioned that using Mobile Tokens can save up to 60% of costs.

 
