Delays and disruptions in delivering SMS OTP in a pandemic – How big of a threat are they for SMS-based 2FA?

SMS vs COVID

It’s been almost a year since the COVID-19 virus caused the pandemic, and we’ve already seen a complete global economic shock.

Alongside the economic shock (almost a standstill in some domains), digital and mobile-first industries have experienced growth that led to an increased number of online and mobile consumers.
In addition, governments from across the globe have so far faced a huge uphill battle in getting valuable information and notifications to their citizens in order to keep them up to date with the constant novelties related to the pandemic.

Both examples above have had a serious impact on the usage of SMS as a communication channel – whether it is to notify users of a purchase they made, to identify their mobile phone number, or to make sure they received the latest government-issued information regarding the pandemic. That is because SMS is universal and readily available to every mobile phone user out there.

The technology used to distribute and deliver notifications, marketing messages, and alerts is also heavily used for delivering sensitive information, such as the SMS OTP used to verify a mobile user or a payment transaction. There it plays a completely different role – SMS as a mobile user authentication channel.

SMS OTP, as well as marketing messages and notifications, have been around for decades and are proven to be a very practical communication channel. Although SMS was never created with the intention of playing a big role in protecting the mobile user and delivering sensitive information, with the explosion of SMS-based 2FA that has been the case for a long time now, despite the vulnerabilities. In the time of the COVID-19 pandemic, user authentication-related SMS usage has proven to be even less effective. Why? We are sharing our first-hand experience from some countries.

What we have seen first hand is that, due to surges in the usage of SMS, SMS Centers within some mobile network operators have experienced overflow. That SMS Center overflow has proven to be a threat to SMS-based 2FA and verification/transaction approval messages for one simple reason – there can be serious delivery delays or delivery failures. That is a big no-no when it comes to the security of mobile users in the era of the pandemic, the era of supercharged online and mobile payments, and the era of millennials demanding everything in a click. A late marketing message via SMS can be forgiven, but a late or undelivered SMS OTP can mean the difference between gaining a new user and losing one.

Why do SMS Centers overflow?

Mobile Network Operators were making significant changes and updates in the previous years but their focus has been on the improvement of the data channels and moving into the 5G infrastructure, not so much on improving SMS as a channel. So SMS Centers are more or less a legacy system. A legacy system is any system considered to be outdated in terms of the tech it uses. In this specific case, SMS Centers used by mobile operators can sometimes be up to 20 or more years old.

This is one of the reasons why SMS can fail to reach the end-user about 15% – 25% of the time. SMS Centers can get “clogged up” by huge amounts of data coming into the system all at once.

So, what happens when big government agencies get involved and start sending massive amounts of data through these outdated channels? Well, it can often cause disruptions and delays in regular data transmissions.

For example, some Amber alerts in the United States are sent by both local and federal authorities through network operators. Some countries, like the USA, have set up similar SMS information and alert systems. The rising quantity of these SMS messages can sometimes cause delays in the network operators’ systems.

In Russia and a few CIS countries, authorities have heavily relied on their mobile networks to stay in touch with the population during the worst days of the COVID-19 crisis. They implemented a sort of permit system, in which people had to request permits to leave their houses during the quarantine.

Once a person applied for a permit, the authorities would reply with a pass via SMS, and that person would then be allowed to commute to a registered location for a certain amount of time.

The effect on 2FA and user authentication-related SMS

It is important to keep in mind that governments around the world aren’t the only ones flooding the SMS traffic channels. Many private entities such as banks, e-commerce websites, and other businesses that process payments online tend to create a high volume of A2P SMS traffic – whether it is transactional messaging, advertising, or, even more important, SMS OTPs.

Application-to-person messaging, or A2P messaging is any type of message being exchanged between the application and the user. Those can be automated marketing messages, appointment reminders, chatbots or virtual assistants, notifications, and one-time passwords (OTPs) or PIN codes. A2P messaging has been skyrocketing during Covid times especially in notifications, transactions, and alerts.

All this increased SMS volume overloads the legacy systems. It is not that big of a problem when an SMS containing a notification or alert doesn’t make it through, but it can be a vulnerability when SMS OTPs do not arrive or are delayed so that the user cannot complete the transaction, not to mention the reputation risks and overall bad user experience.

So many businesses end up seeing registration drop-off rates going up due to undelivered SMS OTPs when trying to verify users’ mobile phone numbers, or even worse, shopping cart abandonments when verifying the payment transactions.

However, this situation can be avoided by mobile app developers and other mobile-focused businesses implementing 2FA, MFA, and mobile phone verification and mobile user authentication options that are not leveraging SMS as a communication channel.

The IPification Passwordless, One-Click Login, and Authentication solutions are one such option.

As mentioned before, our technology does not rely on SMS channels to perform user authentication / mobile phone number verification. IPification uses a completely different mobile network operator channel to perform verification and authentication, so the user’s mobile phone is verified in a second, with one click, within the app, 100% of the time. No waiting for an SMS, no drop-offs, and no diminished security.

For mobile network operators that implemented our patented technology, GMiDBOX, this essentially means that they can offload SMS-related traffic when it comes to mobile authentication SMS by using IPification verification channels and, as a byproduct of using IPification, increase the delivery rate while reducing delivery time on all the other A2P SMS traffic.

Making IPification the main mobile user authentication and verification option also means improving user experience and security at the same time for all mobile businesses and the operator users out there.

You can learn more about our patented technology for Mobile Network Operators right here.
