EDGE 2015 is starting in

Find out more EDGE 2015
Menu
SMS is not the issue with fraudulent bank transfers, telcos are: Experts

SMS is not the issue with fraudulent bank transfers, telcos are: Experts

While SMS may be in the spotlight due to recent fraud, the issue goes beyond just SMS

Despite its widespread use, SMS technology has lost its luster as a safe means of verifying the identity of an individual during a banking transaction.

This is what the lobby group for Australian telcos is claiming in the wake of a recent fraud incident.

The said incident involved an Australian family who had $35,000 stolen from a bank account following an identity theft.

In this case, the victim had their mobile number ported to another provider without their apparent knowledge or approval.

This action allowed the criminal to then change the bank PIN and withdraw $35,000 before a stop was put on the breached account.

The identity theft was eventually traced back to key logging malware on the victim’s PC that recorded the account details, and since one-use SMS access codes for the account are required, the criminal then used the acquired details to port the phone number to another account.

Securing SMS

While the lobby group and consumers may be up in arms about the perceived security of SMS, SecurEnvoy CTO, Andy Kemshall, said the real issue is not the security of the mobile technology.

Instead, he lays the blame at the ease that Australian telcos allow hackers to request a number be ported to another phone, as highlighted in the recent incident.

“This has far wider consequences than just SMS, as a hacker can setup a premium rate call line and run-up extortionate bills by calling these numbers after porting over the number,” Kemshall said.

He would instead like to see Communications Alliance chief executive, John Stanton, “live up to the trust end users put in their telcos.”

“[Stanton] should take the lead from other countries such as the UK that have better security questions to request a ported number, or PAK code, and send them as a letter or email to the account holders registered address preventing such an attack,” he said.

Having banks revert back to using old fashion hardware tokens that do not scale at a cost of millions, according to Kemshall, is “ludicrous” and “doesn’t fix the real issue”.

“Expecting end users to carry a different hardware token for each bank, credit card or secure online service they use is just not viable,” he said.

Goode Intelligence managing director, Alan Goode, said despite the recent mishap, SMS can provide an additional layer of security that enables organisations, including banks, to improve the security of their online services.

“When used in two-factor authentication, SMS allows all users, and not just a limited few, to benefit from agile strong authentication and protect them against financial fraud and identity theft,” he said.

Instead of focusing on SMS, Goode says the responsibility lies with telecommunication suppliers to have appropriate levels of security are implemented for their clients to ensure that cyber criminals do not exploit any weaknesses that allow them to abuse their services.

EDGE 2015:: For all the latest on EDGE 2015 including the keynote speakers visit the EDGE mini-site now

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags online securityonline fraudmobile banking

Upcoming

Slideshows

In Pictures: 7 things we hate about Twitter

In Pictures: 7 things we hate about Twitter

You probably either love Twitter for its quirkiness and brevity or see it as a pointless waste of time. After nearly a decade on the social scene, Twitter still needs to improve its user experience and fill in notable gaps in the service. These seven problems are long overdue for a fix.

In Pictures: 7 things we hate about Twitter
IN PICTURES: EDGE 2015 - Sponsor Briefing

IN PICTURES: EDGE 2015 - Sponsor Briefing

With EDGE 2015 rapidly approaching, ARN and Reseller News NZ held a Sponsors Briefing where ARN publisher and president, Susan Searle, and Events Manager, Alexandra West, ran through the considerable logistics in detail. Attendees then enjoyed some splendid canapes and drinks. EDGE is designed to bring the A/NZ channel together in a collaborative and educational environment. Themed around channel channel leadership, EDGE will be held at the Sheraton Mirage, Port Douglas, July 20-23. Photos by MIKE GEE.

IN PICTURES: EDGE 2015 - Sponsor Briefing
In Pictures: Robots that cook, clean, sing and dance

In Pictures: Robots that cook, clean, sing and dance

Cooking, learning language and doing the laundry are a few of the human skills demonstrated by.real humanoid bots featured in the National Geographic movie Robots.

In Pictures: Robots that cook, clean, sing and dance

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments