Trusted Transactions | Entersekt Blog

Trusted Transactions | Entersekt Blog

2016: An annus horribilis for SMS OTP

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Mar 17, 2016 11:00:00 AM

The year has not started well for that popular authentication method, one-time passwords (OTPs) sent via SMS. Still widely used during logins and transactions as part of a two-factor authentication (2FA) process, SMS OTP has long been vulnerable to cyber criminals.

 In South Africa, forensics consultant, David Klatzow, came out with guns blazing in early March, accusing at least one large South African bank of exposing high-net-worth individuals to large fraud losses by staying with SMS OTP. (Most South African banks have stopped using SMS OTP in favour of Entersekt’s technology.) Klatzow, who became a household name as an expert witness in the Oscar Pistorius trial, stated that banks who use this technology should be held responsible for phishing losses. This set off a heated debate over liability in local newspapers, radio, and social media, pitting frustrated victims and security experts against the banks and mobile operators accused of covering up internal SIM-swap fraud.

Read More

Topics: SIM swaps/cloning and number porting, SMS OTP/ mTAN

The trouble with mTANs

Posted by Claudius van der Meulen, VP business development / director Europe, Entersekt

Nov 5, 2015 10:41:00 AM

A mobile transaction authentication number (mTAN) is a one-time password delivered to users of online systems using the SMS format. Millions of digital banking customers use them today to verify their online transactions with their bank. It is a system that most consumers believe to be secure, but that has been repeatedly compromised over the past years in a variety of ways.

Read More

Topics: One-time passwords, SIM swaps/cloning and number porting, SMS OTP/ mTAN

About Trusted Transactions

Trusted Transactions is Entersekt's blog devoted to keeping our customers, prospects and friends updated with industry news, security threats and technology advances in consumer authentication. We can protect against online banking fraud and account takeovers. Trusted Transactions brings you industry data and insights to help safeguard your online and mobile banking and payments transactions. 

Subscribe to Entersekt's Blog

 

Download white paper: The importance of transaction  signing to banks  

 

Follow Entersekt