Australia mobile operators says SMS are unsuitable for banking

Posted on November 9, 2012 12:52 am

Communications Alliance, a well known lobby group for telco operators in Australia has declared that SMS technology is obsolete and banks should avoid it as it is not safe means of verifying the identity of an individual during a banking transaction. The alliance represents the interests of mobile providers Telstra, Optus and Vodafone, and has taken a major step of declaring the technology insecure. The alliance says SMS are not designed to be a secure communications channel and should not be used by banks for electronic funds transfer authentication. Currently, SMS authentication is used by three of the four largest Australian retail banks as a preferred mode of second-factor authentication for transactions to unfamiliar accounts. According to industry reports, several banks have rolled out physical token authentication to business customers, but retail customers usually have to ask for such devices to get one for their accounts. Most of us Australians we only require our mobile phone number and one of either our mobile account number or date of birth to move our mobile phone number from one telcos to another and that is how I moved from Vodafone to the current network which I use while at home. Communication alliance also revealed that telcos have decided not to extend the security mechanism protecting the mobile number portability database for reasons of competition and database performance.

Apart from making the porting process more time consuming and less convenient for hundreds of thousands of Australians every year, additional ‘security’ may be seen as a tool to lock in customers, hinder number portability and thus be deemed to be anti-competitive.The lobby group also said there are also separate arrangements for movement of numbers from one supplier to another on the same network that vary with the different suppliers and carriers concerned. Additional security questions could potentially slow down mobile porting processes for potentially zero gain in fraud deterrence. At the moment, more than 170,000 mobile ports occur in Australia each month at a speed that is world’s best practice with performance highly valued by consumers and which would be compromised by placing additional layers in the process. The real problem is the malware that steal customer bank account details, prior to the fraudsters attempting to couple that information with mobile phone porting to steal money from those accounts.

Contador Harrison