
Why is 2FA SMS OTA NBG?


The National Fraud Intelligence Bureau (NFIB) and one of the UK’s largest mobile phone networks, EE, have raised concerns about banks’ growing reliance on text messages when authorising large payments.

FBI turns up the heat on banks over Sim scams | Money | The Sunday Times:

I seem to remember first raising concerns about the banks’ use of text messages for authorisation about a decade ago, but no-one ever listens to me. Or, it appears, anyone else who has said this over the last ten years or so.

Now, I’m not saying that no banks at all have listened to the cacophony of security experts telling them not to use text messaging for a purpose for which it was never intended. Earlier this year, German banks dropped support for SMS-based OTP as 2FA for SCA in PSD2.

In the UK, it’s the mobile operators who have taken action. They have created something called “SMS Phishguard” which means that (I think) fraudsters will not be able to ‘spoof’ numbers so that bogus texts appear to be sent from a real bank.
