Monday, June 07, 2010

Smishing by any other name

One of the great things about our industry is how quickly a new name can appear and then become part of the vocabulary. One such word is Smishing. In short, Smishing is Phishing by means of SMS messages. The how-to of Smishing is described in many places on the Internet (Read here) and has even made it into Wikipedia (Read here).

Using fake SMSs to get unsuspecting consumers to respond to promises of wealth ("you have won the lotto") or fear of implied actions ("your account has not been paid") is not a recent phenomenon. Since SMSing became a general means of communicating, this medium has been used to trick people into paying money (when they don't have to) or meeting unknown stalkers (when they should not). What makes Smishing different and dangerous is that the technique is now being used to steal identities for the purpose of accessing banking or payment information. In light of this risk, it is important to take measures to protect consumers.

It has become important to implement a standard, easy-to-use and mutually understood mechanism to authenticate interactions between customers and their financial-services suppliers. This would take the form of a challenge and (secret) response. Some banks have already implemented such mechanisms, but these are not well understood, not widely used and definitely not standardised.
