SMS Authentication Is No Longer Relevant, Says Expert

Edwardcher Monreal, Security and Technology Evangelist, IAM Consumer Authentication Solutions, HID Global, says in an interview with Business Today that SMS is no longer relevant in today’s world and no longer meets demand when compared with current technology.

“SMS authentication has evolved into a legacy technology that no longer meets the needs of digital consumers in the twenty-first century. 

“In today’s digital world where consumers are connected at all hours of the day, SMS simply is no longer enough of a channel because it is not encrypted,” he says.

He adds that because consumers are increasingly connected to digital worlds, and SMS is not a channel that they choose, SMS authentication carries more vulnerabilities.

“A hacker may contact a mobile phone carrier pretending to be the user and have the SIM changed to something they have access to (SIM swap fraud).

“A user may accidentally download malware onto their device, allowing bad actors to view the content of the phone including received text messages.

“Criminals can exploit mobile networks at large by using weaknesses in a common set of telephone signalling protocols known as Signaling System 7 (SS7).

“These techniques can be combined with social engineering to target vulnerabilities,” he says.

Edwardcher cited Sophos’s Phishing Insights 2021 report, in which almost half of the respondents were aware that cyber threats can be carried out through SMS messages.

“According to Sophos’ Phishing Insights 2021, 49% of Malaysian respondents very much recognise that phishing can be done through SMS messages,” he says.

Malaysia Cyber Security Strategy 2020-2024

Meanwhile, according to Edwardcher, the Malaysian government announced the Malaysia Cyber Security Strategy 2020-2024, intending to strengthen local capabilities to predict, detect, deter, and respond to cyber threats.

The strategy also aims to improve the structure of government and assist SMEs in implementing cyber security while thriving in a safe and secure cyberspace.

“Throughout the strategic plan, it also aims at improving structured governance, the competence of people, supporting best practices processes, and deploying effective technology nationwide. 

“The plan is imperative to every organisation in Malaysia, especially small and medium enterprises as adopting cyber security is crucial while thriving in a trusted and resilient cyberspace. 

“Organisations can prepare a mitigation plan to increase overall security posture and establish the best footing to mitigate future attacks. 

“It is advisable to employ strong credentials, implement multi-factor authentication (MFA) and authenticate every access while users are accessing the systems or applications,” he says.

Authentication

Edwardcher suggested Offline Authentication and Simple Mobile Push Authentication as the best authentication alternatives to SMS that organisations can use to make customers feel secure.

“Offline Authentication can be a very good alternative because it offers a very similar experience to SMS except that it is done through a mobile app.

“Simple Mobile Push Authentication can be combined with complete Identity and Access Management solutions to provide deeply secure authentication based on security needs over a secure, encrypted channel such as hypertext transfer protocol secure (HTTPS),” he says.

At the same time, he stated that the company must take a holistic approach to the consumer authentication journey, which includes initial identity verification, risk management and fraud prevention, and adaptive authentication.

“Initial identity verification: a biometric validation by HID Global that ensures that the person in the selfie and ID document is the same and then validates key personal data with multiple trusted sources.

“Risk management and fraud prevention: HID’s Risk Management Solution detects threats and stops fraud using a three-engine system. The three engines constantly analyze and detect behaviours, anomalies, and threats from end-users.

“Adaptive authentication: the HID authentication platform works behind the scenes to detect real-time inputs and automatically adjust verification methods accordingly,” he explains.

Edwardcher has over two decades of hands-on experience developing software and delivering solutions and services, with synergies in NFC, TSM, and mobile financial services combined with PKI, risk management, and strong authentication.
