When it comes to proving who you are, the email and password combo is not fit for purpose, which is why so many firms have switched to authentication by text. Continuing our serialisation of articles and interviews taken from MEF’s free Future of Messaging Guide 2020 supported by Syniverse, available to download now.
In the ‘old’ analogue world, transactions were easy. If you had the cash, you could get the goods. But when commerce – and payment systems – went digital, things got murkier. Vendors had to ask the customer two big questions before they could risk approving the transaction: who are you, and how can you prove it?
At first, they used email and passwords to get the answers. But this proved worryingly insecure. They looked around for a better way, and found it in two factor authentication (2FA) via SMS. Here, the vendor sends a one time PIN (OTP) to the user by text, and the customer types it into the web form (or similar).
On the rare occasion that fraudsters do intercept OTPs, it is usually due to social engineering rather than any technical flaw. This is regrettable (and best tackled with education), but it is rare.
Why does it work? Because it replaces the risky ‘something you know’ (a password) with the far more secure ‘something you have’ (a phone). The process is easy for users to understand. And it’s mostly safe.
On the rare occasion that fraudsters do intercept OTPs, it is usually due to social engineering rather than any technical flaw. This is regrettable (and best tackled with education), but it is rare.
2FA by SMS is now used by business of all types all over the world, with banks, social media companies and government all relying on the process. In fact, mobile messaging insiders now say as much as 20 per cent of all A2P (application to person) messaging comes from authentication.
And 2FA by SMS is not just for transactions. It can work just as well for any kind of authorisation scenario. The Belarusian games publisher Wargaming is a convert to the process, which is implemented with the help of provider GMS.
Wargaming has over 200 million players of its flagship titles such as World of Tanks and World of Warships. Individuals in this vast user base are frequently changing their personal details (password change, email change etc). Obviously, to do this, they need a process that is simple but secure.
Historically, the company used email and password. But, according to Wargaming’s Vitali Martsinovich, OTP by SMS has proved much more safe. It’s also easier for customers. “Authorisation through SMS more secure than through email,” he says. “It is also more user-friendly to send a text than send a code by email. There’s nothing to download, and we can assume that the user will always see the code. Also, it gives customers a chance to do more self-service. After SMS authorisation, they can change details of their Wargaming account.”
The percentage of users needing to change their details at any one time is small. But with 200 million users, Wargaming is still sending between 400,000 and 800,000 messages a month.
MEF’s Future of Messaging Guide 2020 – Download now
MEF’s Future of Messaging Guide 2020 published in association with Syniverse explores the growth of business messaging via a series of interviews and case studies to showcase how messaging continues to evolve and enable better customer engagement.
The 40-page guide is a comprehensive look at the trends, technologies, business personas and use cases driving the future of business messaging in a series of interviews and use cases across different sectors and regions.
