Use Of Sms Tokens For Validating Third Party Payments Make Mobile Phones Vulnerable To Attacks

By Author: Peter Martin
Total Articles: 211
Comment this article

Increasing number of banks are adopting the practice to send authentication tokens through short message service (SMS) to their customers for validating third party payments. Bank customers are required to enter the security token number to complete third party payments through Internet banking. If customers choose not to use the number, than they have to use other channels of banking to make payments to third parties. When a customer selects third party payment on an online banking site, the concerned bank sends a SMS token - with unique numerical codes to the customer, which has to be entered on the net banking site to complete the payment. While the approach complements the requirement to reenter authentication details on the website to validate payments, also makes mobile phones vulnerable to hacking attacks. Recently, security firm RSA has cautioned that offenders may attempt to intercept the SMS messages and increase attacks on mobile phones.

While the SMS tokens have introduced an additional layer of security, they may encourage criminals to launch denial-of-service attacks on the mobile phones to disrupt its ...
... use by customers. Attackers may also intercept the message during transmission from bank to customer and forward it to their own mobile device. RSA has also warned against increased smishing attacks, the mobile variant of phishing attacks. The growth of mobile banking also makes mobile devices soft target for attacks. While spear phishing attacks are replacing phishing attacks on e-mail, mobile phones may face increase number of spam messages and smishing attacks. Online computer training programs may help users in understanding the possible sophisticated threats in the e-banking environment and help in conducting secure transactions.

Usually, manufacturers avail the services of ethical hacker certified experts to explore and identify the vulnerabilities in devices and applications. Banking organizations may work with stakeholders such as manufactures, software developers, telecom companies, regulatory agencies and IT security firms to ensure safe transmission of information.

IT personnel holding security certifications can help banks in improving the IT security apparatus and ensure safe banking experience for customers. While banks are now providing security tips and information related to threats to customers, they may also create awareness through online video programs and case studies to ensure adherence to safety precautions and practices.