Matija Razem, VP of Business Development at Infobip, examines the increasingly complex security risks for our online activities, and the benefits of 2 factor authentication for mobile. We also caught up with Matija in person at GMIC Beijing.
The mobile and online revolution dramatically and irreversibly changed the way we make purchases for goods and services. The new paradigm eliminated the need for the consumer to be physically present at the point of sale, as was the norm 20 years ago. Today’s norm is online or mobile accounts and services, bringing a range of physical and virtual goods and services to the fingertips of anyone with an internet connection.
Communication, correspondence, social activities, entertainment, news, shopping – all are moving online and are performed remotely, using dedicated or general purpose apps, or web access tools.
This revolution brought consumers new conveniences and created new opportunities for businesses, but it has also opened a new space for abuse and spawned new security risks that can have serious consequences for both parties.
Large amounts of user data are now stored in their accounts – activity history, sensitive personal documents (photos, videos), preferences, family status, purchasing power – all of which can be used for nefarious purposes if hacked.
Protecting online profiles from hacks and abuse
Compounding this is the fact that this information is often protected by a single authentication factor – a username and password combo that often simply doesn’t suffice.
Let’s look at the figures. 55% of internet users say they use the same password for most of their accounts; 60% of UK consumers say they only use passwords they can remember; almost 30% admit they know the passwords of a friend, relative, partner or colleague. This situation inevitably compromises security through weak or overused passwords, and makes the case for an additional layer of security.
The solution is to add second factor authentication (2FA) – where a login, login recovery or transaction of any kind is confirmed by an additional code, delivered to the user in a variety of ways.
2-factor authentication for the mobile world
Introducing the 2nd factor brings its own set of challenges for internet companies and online services. On the one hand, consumers expect convenience and ease of use, without needing to memorise several complex passwords. On the other, they mostly view companies as responsible for the security of their online presence, putting the pressure on them to establish efficient authentication mechanisms without asking extra effort of users.
In addition to user experience demands, international security standards need to be met as a matter of good practice. At the same time, the solution needs to be easy to integrate and capable of reaching all users all over the world with the same service level.
It’s quite a challenge. In recent years, however, it has become easier to address it in a new way, by recruiting the unique thing every user already has – a mobile number, i.e. a mobile phone.
Using consumers’ mobile phones to deliver a one-time PIN code in an SMS message is a solution that ticks the boxes for ease of implementation and global reach – the key areas for a successful 2FA rollout.
It’s an existing solution, tried and tested – and proven. All the major internet companies and OTT players harness it to authenticate users around the world in a user-friendly process that relies on an infrastructure that supports SMS message delivery to any country in the world.
The process itself is simple. A one-time PIN (usually 4 to 6 digits) is delivered to a user’s mobile phone as an SMS message or a voice call. The user then enters it into a form on the web or in the app when logging into an online service, and is allowed access. This type of PIN is only valid for a limited period of time (e.g. 20 seconds).
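The server side of the process described above, as an added example that is not part of the original article and is not Infobip's code: a one-time PIN issuer and verifier that enforces the limited validity window and single use. The class and parameter names, the three-attempt limit and the in-memory store are assumptions; delivery by SMS or voice call is left to the caller.

```python
import hashlib
import hmac
import secrets
import time


class PinStore:
    """In-memory one-time PIN issuer/verifier (hypothetical names, not a vendor API)."""

    def __init__(self, digits=6, ttl_seconds=20, max_attempts=3, clock=time.monotonic):
        self.digits = digits              # the article cites 4 to 6 digits
        self.ttl = ttl_seconds            # the article's example validity: 20 seconds
        self.max_attempts = max_attempts  # assumed limit; bounds online guessing
        self.clock = clock                # injectable so expiry can be tested
        self._pending = {}  # user_id -> [salt, digest, expires_at, attempts_left]

    def _digest(self, salt, pin):
        # Keeps the clear PIN out of the store; a short PIN is still guessable
        # offline, so the expiry and attempt limit are the real controls.
        return hmac.new(salt, pin.encode(), hashlib.sha256).digest()

    def issue(self, user_id):
        """Create a fresh PIN and return it for delivery by SMS or voice call."""
        pin = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        salt = secrets.token_bytes(16)
        # Issuing again overwrites the earlier entry: only the latest PIN is valid.
        self._pending[user_id] = [salt, self._digest(salt, pin),
                                  self.clock() + self.ttl, self.max_attempts]
        return pin

    def verify(self, user_id, submitted):
        """Return True exactly once, for the correct PIN inside the validity window."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self.clock() > expires_at:
            del self._pending[user_id]      # expired: a new PIN must be issued
            return False
        entry[3] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[user_id]      # one-time: a replay finds nothing
            return True
        if entry[3] == 0:
            del self._pending[user_id]      # guesses used up: PIN is burned
        return False
```
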
Going global with 2FA
For global Internet services, another major challenge is having to authenticate their users anywhere in the world. Here the mobile phone eliminates the need for additional OTP-generating hardware (tokens, key fobs, etc.), which is not only prohibitively expensive, but also virtually impossible from a logistics standpoint.
That means that they need to have SMS connectivity in different countries with different requirements for professional SMS messaging, provided by local companies on different terms. There is a solution for this particular business and technology challenge, too. In recent years, specialised application-to-person (A2P) SMS companies have invested heavily in global coverage, as well as in specialised out-of-the-box 2FA solutions.
With direct connectivity to mobile operators worldwide (over 800 currently active), dependable delivery of time-critical 2FA SMS messages becomes possible. Indeed, that was the key factor that contributed to SMS-based 2FA becoming the preferred method for the world’s leading online and mobile brands.