Should SMS Messaging Be Used As A Security Factor For Your Customers

Pallavi Varanasi, Cloud Security Expert - CloudCodes Software
November 28th, 2020

With data breaches becoming the order of the day, customers are looking for ways to secure their personal data. As an organization, securing your customer data is your primary concern, and it is what your customers expect from you. Securing the data involves many steps, such as employing password policies and access control. To verify customer identity during authentication, second-step authentication is the best way out for cloud data security, and that second factor takes the form of SMS messaging.

Ways Hackers Get Hold of Login Credentials and MFA as Its Protection Measure

When a hacker gets hold of a customer's actual login credentials, he gets into the system and steals data; this is the most common method of data theft. It happens when customers fall into the trap and hand over their credentials, and there is nothing you can do to stop it. Customers get caught in phishing scams or reuse their passwords across sites, which makes them vulnerable to data theft. In these situations, multi-factor authentication (MFA), also commonly known as second-step authentication, which verifies the customer identity during authentication, is perceived to be the best way out for data security. That second factor often takes the form of SMS messaging.

Demerits of Having SMS Messaging as the Second-Step Verification

Security at Stake

However safe it may seem, the reality is that SMS messaging is itself a threat as an authenticator. SMS messages containing the one-time password (OTP) codes are vulnerable and can be intercepted by third parties across the communication network. In fact, SMS is listed as the weakest link in the two-factor authentication system. There are several ways hackers are able to intercept SMS messages. One of them is to use social engineering techniques to impersonate the user. All this requires is a telephone call, an email exchange or, more probably, a live chat with a customer service provider representative, which indirectly results in the cell phone number being changed to an unauthorized phone.

Bad Customer Experience

An endless number of SMS messages pushes customers to opt out from a brand, and each message sends them to a separate SMS messaging app on their mobile. There they have to read unformatted text and copy a code from the received message. Thus, SMS messaging has the potential for data theft by taking advantage of the customer experience.

Added up Costs

When you use a third-party service for your SMS messages, the cost of frequent SMS messages adds up.

Securer Alternatives to SMS Messaging

There are better alternatives to SMS messaging that are more secure and more cost-efficient. One of them is to take the customer-facing mobile app that is already installed and use it for second-factor authentication. This has several benefits that counteract the drawbacks of using SMS.

Improved Customer Experience

The advantage of using your own mobile app is that you control the experience you create. Customers can get the approved data through push notifications. Fingerprint detection can also be used for a simple, one-touch approval without opening the app. All of this makes it more streamlined than the MFA process.

Data Security

The push notification definitely has an edge over SMS messaging. With SMS messaging, a code is sent to the phone number, which can easily be spoofed. Your mobile app, by contrast, can verify device secrets, and that is a more secure method. The push notification can be sent to the customer’s device and not just to the phone number or the card.
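The device-secret check described above, sketched as an added example (not code from the original article or from CloudCodes): the server enrolls a per-device key, sends a one-time challenge in the push notification, and accepts only a response computed with that key. The class and function names, the HMAC-SHA256 construction and the 60-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a push challenge stays valid (assumed value)


def sign(device_key, challenge_id, nonce):
    """Device side: approve a login by MACing the challenge with the device secret."""
    return hmac.new(device_key, challenge_id.encode() + nonce, hashlib.sha256).digest()


class PushApprovalServer:
    """Server side: issues login challenges and verifies device responses."""

    def __init__(self):
        self.device_keys = {}  # device_id -> secret enrolled when the app is set up
        self.pending = {}      # challenge_id -> (device_id, nonce, expires_at)

    def enroll(self, device_id):
        # The key is handed to the app once and kept in the device keystore.
        # Unlike a phone number, it does not move when a number is reassigned.
        key = secrets.token_bytes(32)
        self.device_keys[device_id] = key
        return key

    def start_login(self, device_id, now=None):
        now = time.time() if now is None else now
        challenge_id = secrets.token_hex(8)
        nonce = secrets.token_bytes(16)
        self.pending[challenge_id] = (device_id, nonce, now + CHALLENGE_TTL)
        return challenge_id, nonce  # carried in the push notification

    def verify(self, challenge_id, response, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge_id, None)  # single use: blocks replay
        if entry is None:
            return False
        device_id, nonce, expires_at = entry
        if now > expires_at:
            return False  # approval arrived after the challenge expired
        expected = sign(self.device_keys[device_id], challenge_id, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare
```
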

Cost Benefits

Unlike SMS, push notifications do not carry a per-use cost. So even if you start using the second-factor option, the prices will not increase very much.

SMS Messaging Still Can Be Used in Combination

Even though many of your customers use your mobile app, the rest cannot be forced to download and use it. Turning your mobile app into a security factor will surely benefit its users. But, as usual, there will be a group who do not feel the need to download your mobile app, and SMS messaging will be useful for this group. So SMS still has a key role to play, but it has to be used as a second option. Push notifications should be encouraged as the primary factor, and SMS can be used to fill in the gaps and provide data security where your mobile app cannot.