Security in an Insecure World

Using Mobile Messaging for Two-Factor Authentication

Proving identity to access services is becoming increasingly necessary in today’s online world 

High-profile hackings of social media and other websites are regularly reported and most of us have a wealth of personal information readily available to identity thieves - cards in our wallet, mail, public records, information saved in our computers and information posted on social networking sites.

Identity theft is becoming increasingly common with one in five Australians reporting having had their identities stolen or had their personal or financial data illegally accessed.

The Australian Debt Study, by Veda in 2012, showed that Australians aged 35 - 49 are the most likely group to fall victim to identity fraud while 18 - 24 year olds are the least likely to report illegal access to their personal or financial data and that almost one in three Australians suffered some form of credit crime.

The Australian Federal Police estimate the cost of identity theft to be $1.6 billion a year. Identity theft and unauthorised access to services carries significant risks and costs for businesses and can result in damage to reputation and brand. It can also be traumatic and costly for customers causing customers to move to competitive service providers.

What is Two Factor Authentication?

Two-factor authentication helps to mitigate the risks of identity fraud and unauthorised access by providing a means of identifying users by a combination of two different factors.

  • Something the user knows, such as password or PIN
  • Something the user possesses, such as a bank card or token device
  • Something that is inseparable from the user, such as a fingerprint, or iris recognition

An SMS PIN sent to a user’s mobile device serves as an ideal authentication method for “something that the user possesses”, coupled with “something that the user knows”, like a user name.

An SMS PIN can be randomly generated or retrieved from a client system, or uploaded from a stored database. SMS PINs can be set expire after a specific validity period, a specific user session or after a maximum number of uses.

SMS PINs can be automatically re-issued upon expiry or maximum usage ensuring a passcode is always available.

10 reasons to use SMS for two factor authentication

Two-factor authentication using SMS PINs is being used increasingly by many companies and brands with Twitter, Google and Facebook all launching SMS PIN verification in recent months to combat the hacking of user accounts and information.

  1. No cost of issuing or managing a separate token device to users
  2. No cost or risk of sending PINs via Postal Mail
  3. SMS uses an existing device that users always carry
  4. SMS is a low cost delivery mechanism and simple to use
  5. SMS is compatible with any mobile phone and deliverable globally
  6. On-demand PINs can be issued instantly and usage of PINs can be tracked online
  7. PINs can be managed and controlled centrally for improved security and visibility
  8. Dynamically generated one time PINs are safer to use than static log-ins
  9. Used PINs can be expired and automatically replaced to ensure a valid code is always available
  10. Specifying a maximum number of incorrect PIN entries reduces risk of unathorised access 

End-to-end security with SMS authentication

Our PIN Manager solution can deliver all of your requirements for SMS based two factor authentication.

Learn more about PIN Manager

Combine SMS PINs with our lookup Services to enhance anti-fraud procedures by performing identity verifications on the mobile number.

Uses for SMS Authentication

  • Every time a confirmation of identity is needed
  •  Increase security for access to buildings via PIN entry
  • Verify access to enterprise systems, especially when users access systems remotely
  • Protect access to data, particularly on web based and online systems
  • Enhance security for users of online and mobile banking applications
  • Authenticate transactions on any e-commerce site from financial trades to simple mail order purchases
  • Authenticate transactions for micro-payments, money transfers online and on mobile devices
  • Implement application log-ins, software activation codes and e-signatures via SMS
  • Add security for remote access from locations that are not recognised
  • Perform mobile subscriber identity verification.