Money is a sensitive matter. Working in the field of financial services means paying special attention to payment security. No wonder: after all, financial services are arguably the number one target when it comes to online security.
Protecting payments with SMS 2-factor authentication
Money has been attracting fraudsters for centuries. For as long as financial institutions have existed, they have used various ways to protect payments. In the modern world, the most common approach to payment security is two-factor verification (also known as two-factor authentication, or 2FA). It is a method used to confirm that a person who orders a transaction has a legitimate right to do it. To verify a person’s identity, two factors must coincide: something the person knows (knowledge factor) and something they possess (possession factor).
Withdrawing money from an ATM is a clear example of how two-factor verification works. To complete the withdrawal, you must provide the right combination of the bank card (something you possess) and PIN (something you know).
For online transactions, the user account login/password is utilized as a knowledge factor. But since passwords are vulnerable and might be compromised, the possession factor comes into play: a user’s mobile device. To complete the transaction, the user must confirm “yes I am the person that owns that device”. To do so, they must provide a one-time password sent to their phone via SMS.
Sirocco Pay, a fintech startup specializing in inexpensive international money transfers, utilizes SMS 2FA to protect operations ordered via their app. To make a transfer, the user must not only log in to their account but also enter a one-time SMS password. Delivery of SMS passwords to customers of Sirocco Pay around the world is handled by Apifonica.
The power of telecom in financial services
Why SMS and not other mediums - say, push or email? Well, first of all, almost everyone today has a mobile device, so using a mobile phone as “something you possess” seems like an obvious step. Second, and most important, SMS is delivered over a channel separate from the internet. Even if fraudsters somehow manage to break into a potential victim’s internet traffic, they won’t be able to intercept SMS delivered over the telecom network.
Perhaps the only viable alternative to SMS in terms of both reliability and reach is a phone call. Same as SMS, phone call verification confirms the user’s identity through the mobile phone they own. But instead of a text message, the user receives their one-time passcode over a phone call, most commonly as a voice message generated from text using text-to-speech technology. Strictly speaking, a phone call is an even more versatile verification method than SMS, for several reasons:
- It doesn’t require a mobile device. The verification passcode may be delivered to a regular landline phone.
- Some phone verification techniques are cheaper than SMS, allowing companies to save costs. For example, so-called “missed call verification” doesn’t even involve answering a call. A user receives a missed call from a random number, and the four last digits of this number are used as the passcode.
Companies often use both methods at once, letting users decide how they would prefer to receive a password: as a text message or as a phone call.
Apifonica’s SMS supports geo expansion for Sirocco Pay
From the very start, Sirocco Pay has been using SMS to protect payments made through their app. However, as they started to grow their presence in the international market, they ran into some limitations of their SMS service provider. Delivery rate, speed, and pricing varied from country to country, making it difficult to secure a consistent quality of service around the world. Sirocco Pay’s search for alternatives brought them to Apifonica. With direct connections to 120+ SMS operators, Apifonica was able to provide the optimal SMS coverage, delivery rate, and pricing to support Sirocco Pay’s international expansion.
Sirocco Pay sends SMS at multiple stages of user interaction with the service. First, when a user registers in the app, an SMS password is required to complete the registration. It is a necessary step to make sure that the user’s phone number is correct and active.
Next, the service requires an SMS password each time a user orders a transfer through the app. Once the transfer is created, Sirocco Pay generates a unique one-time passcode that is immediately delivered to the user through Apifonica’s SMS platform. To complete the payment, the user must enter the passcode in the app. Verification ensures that the transfer is ordered by the account owner and not someone else.
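The server side of the per-transfer check described above can be sketched as follows. This is an added example, not Sirocco Pay's or Apifonica's code: the six-digit length, five-minute lifetime, three-attempt limit, in-memory store and all names are assumptions, and SMS delivery itself is left out.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values; the article does not state any of them.
CODE_DIGITS = 6
TTL_SECONDS = 300
MAX_ATTEMPTS = 3

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (hypothetical)
PENDING = {}                           # transfer_id -> record; stands in for a datastore


def tag(transfer_id, code):
    """Keyed digest binding a passcode to one transfer, so codes are not stored in clear."""
    msg = f"{transfer_id}:{code}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_passcode(transfer_id, now=None):
    """Generate a fresh passcode for one transfer and return it for SMS delivery."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    PENDING[transfer_id] = {"tag": tag(transfer_id, code),
                            "expires": now + TTL_SECONDS, "attempts": 0}
    return code


def verify_passcode(transfer_id, submitted, now=None):
    """Return True only for the right code, on the right transfer, in time, once."""
    now = time.time() if now is None else now
    rec = PENDING.get(transfer_id)
    if rec is None:
        return False
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        del PENDING[transfer_id]       # expired or locked out: a new code must be issued
        return False
    rec["attempts"] += 1
    if hmac.compare_digest(rec["tag"], tag(transfer_id, submitted)):
        del PENDING[transfer_id]       # one-time: consume on success
        return True
    return False
```

Binding the stored digest to the transfer ID means a passcode issued for one transfer cannot confirm a different one, and the attempt counter keeps a short numeric code from being guessed by repeated submission.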
“Is it safe?” is probably the first question that arises when we think of trying a new financial service. For Sirocco Pay, protecting payments with fast SMS verification was an indispensable step for winning customer trust, now on the international level.