Companies that communicate with their customers via SMS could leave them open to ID theft.
Dan Perrin, business development manager at BulkSMS.co.uk, has claimed that phishing scams now also target mobile phone users by using a text to initiate a communication. He claimed that businesses should be careful of the information they might request via the mobile phone channel, to reduce the risk of customers falling victim to text message fraud.
Perrin claimed that one method in operation is when customers receive a text message from what seems to be a reputable financial institution prompting them to call a telephone number due to a possible fraudulent transaction on their account.
They are then requested to divulge their PIN number, or other personal details, on the pretence of changing their PIN to secure their account. Customers become victims of the very fraud that they are trying to prevent when they follow up on these sorts of text messages.
As companies use SMS to make transactions safe and reliable, the company claimed that they need to plan carefully and implement suitable communication policies and procedures.
Perrin said: “Companies also need an understanding of the text message's weaknesses - these messages are not encrypted and are easy to imitate.
“Not only is email an insecure means to send personal information but fraudsters can quite easily pretend to be your bank and imitate marketing material, emails and text message communications. Phishing scams go so far as to disarm customers by including the warning ‘don't divulge your personal information to anyone but your trusted bank' in emails sent.”
Jason Hart, CEO of Cryptocard Europe, which offers SMS services for its distribution of one-time PIN access numbers, said: “If you have any sensitive data or confidential information and you send it by SMS then it is in the open and it is unencrypted.
“In reference to what we do you have two parts – a one time password which is transmitted via SMS and also a pin number which is unique to the user. Just like any two factor authentication you have a physical font that is individual to the user.
“It doesn't really affect us at all as the SMS just transmits a number that is unspecific to anyone but the user. I'm pretty sure that there are secure SMS servers out there just like there is with HTTP and HTTPS.”