Banks are facing a predicament in using SMS messages to help authenticate their customers. On one hand, fraudsters are targeting such systems more. On the other, it is a method customers are accustomed to using.
Banks, like many other industries, rely on SMS-based notifications as part of two-factor authentication protocols, but there is rising pressure for them to use other methods. But should they shelve it altogether? Security experts say that is probably a step too far for now.
In implementing any new fraud measures, banks must always
weigh the risk of fraud versus the customer experience, said Yossi Zekri, chief executive of Acuant, an authentication technology provider.
"You have to think about the friction to the customer, along with the overall risk you are taking," he said.
Ditching text messaging and shifting to a new form of authentication would likely confuse customers, security experts say. Instead, financial institutions should take a more nuanced approach, said Rich Rezek, vice president of market development for authentication solutions for the tech vendor Early Warning.
