In Part 1 of this series, we focused on trends to mitigate robocalls in voice communications and began to look into efforts to cut down on unwanted text messages. Here, we’ll examine sender IDs in text messaging.
2FA
Many of you, no doubt, have heard of the European Union’s European Banking Authority (or EBA) directive called PSD2 (Payment Services Directive). These guidelines were originally published at the end of 2015. By January 2018, all member states were required to implement the regulations.
In late July 2016, there were a significant number of news stories that have “declared the end of 2FA over SMS,” as the US NIST has recommended that the Out-of-Band delivery channel of SMS for 2FA tokens to be deprecated in the next version of their guidelines.
I published my first set of mobile predictions in January 2008. This is my tenth installment. My blog has had several iterations since it was initially part of the Sybase company blog space (we were known as Sybase 365, back then). When SAP acquired Sybase, most of my postings were migrated to the original SCN for Mobile area and now to the “new” SAP Community Network blogs. Some of the very old postings (before February 2011) are unfortunately no longer available in existing SAP archives.
At the 2016 Facebook’s F8 Developer’s conference, a new no-password login solution was announced called Account Kit. Account Kit is designed to be an alternative login facility for people who either don’t want to use a social login such as Facebook or a non-password login. Users are given a choice between either email or their mobile phone number as their “identity.” After providing one or the other, a one-time code is sent via email or SMS to their mobile device. Access to the account is then granted.
Ok, this is definitely a late 2016 predictions article – especially since it is the week after Mobile World Congress 2016. But, in my defense, not THAT much happens until after MWC, so maybe I’m not cheating so much. This is my ninth (yes 9th!) annual prediction blog posting.
Have you ever forgotten a password? I know that I have. I do all the time, in fact, although over the last year or two, I’ve gotten better at managing my password schemes (yes, I have schemes that I’ve memorized to generate new passwords). But forgotten password recovery is a “popular” mechanism in which bad guys can gain access to your account. So, we must incorporate a number of checks to disrupt and prevent attempts to gain access to accounts.
In the past few years, the incidents of major data breaches as well as hacking into personal accounts for not only public people, but also not-so-public people, seem to be on the increase. In June, 2014, McAfee recently published a study indicating that hackers are costing consumers and companies between $375 and $575 billion… annually! Furthermore, losses connected to personal information, such as stolen credit card data, have amounted to over $150 billion. We’ve all had instances of unsubstantiated charges appearing on our credit card statements. These are usually handled by the credit card companies, with little or no liability for us personally. I am hoping that as contactless payment options and EMV cards become more ubiquitous, we will start to see the great reduction or elimination of these types of fraudulent charges and activities.