As business communications evolve, SMS remains a trusted business messaging channel due to its ubiquity, reliability and effectiveness for driving customer engagement. It continues to enjoy robust growth, particularly for sending One Time Passwords to support Two Factor Authentication.
Unfortunately, these high-value transactions inevitably attract the attention of fraudsters: criminals who exploit the complexity of the messaging ecosystem or use sophisticated social engineering techniques to scam the end user. It is imperative that all necessary actions are taken across the entire ecosystem to prevent and mitigate fraud attacks.
MEF’s Future of Messaging Programme Security Working Group has carried out an analysis of the end-to-end processes that help secure SMS for business messaging. The Securing A2P SMS Business Messaging Whitepaper explains the messaging delivery chain and sets out clear guidelines for securing SMS for two factor authentication. It explains the technical, device and industry solutions available and provides recommendations to brands and enterprises based on a three-step approach:
- Know Your Supply Chain
- Follow best practices and deploy technical solutions
- Market education
The paper looks at potential SS7 vulnerabilities in the messaging delivery chain, as well as data and identity frauds, including SIM Swap / Port Out Account Takeover, SMS Malware and Smishing, as detailed in MEF’s A2P SMS Fraud Framework. It includes:
- Best practices by stakeholder – MNO, messaging provider and enterprises
- Technical solutions – Firewalls, SIM Swap Solutions and Machine Learning
- Device solutions
- Industry initiatives
- Enterprise checklist including how to balance use case & risk profile with security measures
- Case studies: How the industry is securing SMS