Enhanced Security Propels SMS to New Heights

By   ISBuzz Team
Writer , Information Security Buzz | Jul 23, 2014 05:05 pm PST

In today’s hyper-connected world, fuelled by seemingly constant reports of data breaches, privacy leaks and hacking scandals, we’re all concerned about our privacy. Or at least we are in theory. Data protection has almost become a paradox; we know we should be cautious about the data we share and who we entrust it to, but we’re accustomed to using our mobile devices for every facet of our daily lives. Many of today’s consumers are unwilling to give up this reliance in order to protect their personal information. Mobile platforms, apps and services are assumed to be secure, and a robust level of data protection is expected. As far as the average consumer is concerned, their privacy is someone else’s job to protect.

The problem with this is two-fold: as consumers are accustomed to conducting everyday tasks on their mobile devices, they have come to expect mobile support for every service they use. Mobile is an essential part of how they run their lives and, although they expect immediate access to their personal account information, consumers still expect the channel that delivers it to be secure. This has created unnecessary strain between consumers and businesses. Juggling data protection in the digital age with an urgency to develop mobile-centric services is a tall order, especially when it’s all to accommodate growing demands for convenience by those very same consumers.

As enterprises strive to adapt their services and processes to cater for increasing mobile demand, the most common options for delivering the required level of connectivity come from mobile apps, enterprise SMS messaging and the mobile web. However, no matter which solution is chosen, service integration and security are still pressing concerns. Professional SMS messaging systems are the most widely used of the three, and have been trusted by enterprises of all sizes for over a decade. Ever since the ease and convenience of application messaging was recognised 15 years ago, companies have used application-to-person (A2P) SMS to offer additional value, improve service quality and make things more convenient for the mobile-oriented consumer. Given how easy A2P messaging platforms are to integrate into existing corporate processes, it’s no surprise both consumers and enterprises were in favour of this trend.

But there were still concerns over security. Even though SMS has already been widely adopted and is trusted to deliver banking alerts, booking confirmations and all manner of other service notifications, it has traditionally not been considered secure enough for sending highly sensitive consumer information such as the PIN number for a payment card. Despite recent novel uses of SMS in online and mobile security efforts, such as two-factor authentication, SMS was still not deemed to be capable of handling confidential data without cause for concern. However, this is no longer the case.

Thanks to recent developments the SMS messaging platform has achieved significant updates in terms of its security features, which have all culminated into an industry accreditation called PCI DSS certification. This is an independent confirmation of compliance with strict data security standards outlined by the payment cards industry, and is a requirement for any company that handles sensitive customer data. The approval process for PCI DSS includes a detailed examination of the technical platform, departments and data protocols of any company that handles payment card data. This not only gives businesses and consumers assurance that their information is being dealt with securely, but also implies an enhanced capability for certified companies to offer new services built entirely around mobile delivery (via secure SMS) that can benefit consumers and enterprises alike.

PCI DSS validation lets banks and other companies offer new timesaving mobile-centric services, like payment card PIN delivery, that can cater to all demographics. These new services and processes can be implemented without investment in complex new technologies. Secure SMS solutions also are generation-wide – almost everyone has a mobile phone and is capable of receiving SMS messages. In comparison to an app-based engagement service, SMS has a far wider reach.

As a result, SMS systems are ideal for sending notifications and alerts for a whole host of purposes. Combined with PCI DSS certification, a company’s SMS platform can even be used for dealing with confidential information. And because it’s SMS, information can be delivered immediately and on demand, working around the consumer’s schedule to arrive when most convenient. With this approach, wait times are eliminated, thanks to a data delivery platform that centres around the one device consumers are never without – their mobile phone.

Ultimately SMS is familiar, cross-platform and does not require a data connection. It can reach any consumer, no matter what phone model they’re using. With all security and privacy concerns addressed through PCI DSS, SMS has become an extremely convenient platform for notification and authentication. It’s an ideal base for enterprises to adapt their services for the mobile age, and is one that poses no risk to consumers in terms of data security.

By Silvio Kutic, founder and CEO of Infobip

Sylvio_KuticSilvio Kutic, founder and CEO of Infobip, earned a M.Sc. at the University of Zagreb Faculty of Electrical Engineering and Computing. Silvio took over as CEO in 2006. Since then, he has been the driving force behind Infobip’s rapid growth and the strategic shift towards enterprise and MNO solutions.