15/04/16, London, UK
The pressure is rising on banks and payment services providers (PSPs) to cease using SMS-only methods to authenticate mobile and online transactions. This method alone leaves consumers vulnerable to identity fraud, warns customer engagement expert Aspect Software.
ITV’s Fraud - How Safe is Your Money? featured the story of Felicity, who was the target of illegal SIM Swap activity, a type of identity fraud. Felicity’s messages from her bank were redirected to a different phone with an identical SIM card, meaning that hackers could access her bank account details through one-time passwords sent by SMS.
Stephen Ball, Senior VP Europe and Africa at Aspect, says that while SMS identity checks are easy for account holders to use, banks and PSPs need to employ multi-factor authentication methods to prevent identity fraud: “Felicity’s story has drawn attention to the fraudsters taking advantage of thin security procedures. With SMS being redirected without the victim knowing about it, by the time the bank reacts to the crime the hacker may have already escaped with their target’s finances. There needs to be more action from PSPs to head this kind of activity off before more customers are affected.”
Last year, the European Parliament formally adopted the revised Payment Services Directive (PSD2). This boosted the protection of online and mobile transactions by requiring PSPs to use multi-factor authentication for internet payments. The rules state that the two or more methods of authentication must be independent so they cannot be compromised by each other.
“This was a great initiative for driving greater security for online payments,” Ball continued. “However, PSPs need to seriously consider their customer experience when employing new security procedures such as additional authentication layers. They need to balance ease of use with adequate, or an ‘accepted’ level of security to protect their customers’ data. SIM Swap checks, divert detection and location detection are simple procedures that can be undertaken without the customer being aware of them. The user’s identity is much more secure against fraudsters but their day is not interrupted, and they still have a great experience when making a payment.”
He concluded: “The rising awareness of SIM Swap ought to prompt PSPs and banks to take steps to secure the protection of their customers, without negatively impacting their customer experiences. For those that do not, savvy customers will quickly choose alternative providers for their banking.”