Outright replacing SMS-based 2FA would mean cannibalization of this widely used service and potential revenue loss for MNOs.
With the ever-growing mobile economy of today, mobile identity is becoming one of the most important parts of our digital personas, and in turn, the pillar of MNOs’ businesses.
However, considering that risks of cyberattacks are increasing as well, we are seeing various stakeholders enter the mobile authentication market, each with their own solution.
The most important authentication method for MNO’s is definitely the SMS-based 2FA which is not only the most widely used but also has a significant impact on MNO revenue.
Be that as it may, 2FA is far from perfect – some might even say completely outdated by today’s standards. Right here is where we come to one of the biggest business threats MNOs face as far as their role in mobile ID management goes.
Since new authentication methods are appearing every day, MNOs have to make sure to be able to provide a competitive solution to stay relevant. Sure, SMS-based 2FA has a huge user base, but will it stay relevant? Most likely not.
Let’s discuss that more in-depth before I move on to explain the ways in which MNOs can make sure they stay competitive in this field to keep, and even fortify their position as the leader in the mobile ID management space.
SMS 2FA is Still the Most Widespread Type of Mobile Authentication, But For How Much Longer?
2FA is currently on its way to overtake username/ password authentication as the most used authentication option. If you think about how long this traditional authentication option has been in use, for anything and everything, you can see just how significant this stat is.
To give you the exact numbers, 2FA has reached 36% of the market, following username/ password authentication at 40% closely.
Enter irony.
Although these authentication methods have by far the biggest user bases, they don’t fare very well against cyber threats. Now, I won’t bore you with any details about username/ password authentication as I’m sure we all know by now just how fragile this method is. Instead, we’ll be focusing on SMS-based two-factor authentication.
While once it reigned supreme in secure mobile authentication, SMS 2FA simply won’t cut it in today’s landscape.
SMS 2FA comes with SS7 technical flaws within the network which can be exploited for interception and rerouting of your SMS OTP. Furthermore, we have to mention the SIM swapping phenomenon, a hacking strategy that’s been growing into one of the biggest issues in the cybersecurity industry.
With that kind of track record, it’s clear to see why 2FA faces numerous doubts about its security capabilities. And security isn’t the only weakness of this authentication method.
As a matter of fact, an even bigger issue with 2FA as far as the average end-user is concerned is user experience. An overwhelming majority of consumers, more than 70% that is, prefer an authentication method for its ease of use.
To illustrate this further, a 2019 study from MarketWatch found that 67% of consumers don’t use any kind of 2FA for their personal accounts, and only 55% use it for their business accounts. And when IT professionals implement 2FA into their companies, 74% of them receive complaints about it from their users.
While it’s a fact that SMS-based OTP contributes significantly to MNO’s revenue, we have to admit that there is a big market that 2FA has failed to tap into. If we add to that the fact that 2FA has been called “a deprecated authentication solution” for years now, it’s clear that it’s time for a change.
So, how should MNO’s go about this without risking cannibalization and revenue loss?
What Would Happen with MNO Revenue If They Moved Away from SMS OTP-Based Solutions
To be able to analyze this situation, let’s first determine the state of the SMS application-to-person market that includes SMS OTP, but also marketing, customer relations, and other enterprise-to-person communications.
In 2017, the A2P SMS market stood at $11.86 billion predicted to grow to $26.61 billion in 2022. While SMS 2FA is only one of the use cases of A2P, it is still a large market.
While MNOs have actually been missing out on around $10 million per year on A2P SMS revenue due to fraudsters and gray route A2P, it’s still one of their most lucrative products. As such, we have to raise the issue of cannibalization.
Why risk losing what works well to some extent, to something we don’t know will work?
It’s simple – to grow and expand the MNO operations, especially when it comes to mobile identity management and authentication, a field where they have more potential than any other stakeholder.
To start with, from the perspective of security, SMS-based 2FA flaws are becoming mainstream. It feels like every day news break of yet another hacking instance. SIM swapping specifically seems to be a bigger issue than ever before.
That poses certain challenges to acquiring new customers. As more and more end-users, as well as companies, learn about SMS-based 2FA, they might be inclined to turn to other solutions.
Moreover, that has resulted in the development of numerous superior authentication options. Unless MNOs find a partner authentication solution that can be incorporated into their infrastructure, they risk losing both customers and the important role they place in the mobile identity management space.
Finally, implementing secure authentication would minimize the identity fraud they fall victim to, therefore minimizing their losses and improving their brand reputation.
Now, if MNOs took that secure authentication and added frictionless user experience to it, they would be able to onboard more users, who choose to stay away from SMS 2FA, to maximize their revenue.
As a cherry on top, by providing secure and seamless authentication, MNO’s would gain a competitive edge over their competitors positioning themselves as the pioneer in the market.
So, what type of authentication solutions would be best to incorporate as an alternative to SMS-based 2FA?
Well, to be able to create a new revenue stream to make up for, and hopefully outgrow, the revenue that MNOs rake in via SMS 2FA, MNOs should partner up with an authentication provider that leverages their capabilities.
One of those is our own IPification.
IPification relies on MNO infrastructure to authenticate users’ devices, phone number and network through a patented technology called GMID-BOX. MNOs simply install it on their networks, enabling it to generate a hashed Mobile ID code unique to each user and each service. This mobile ID contains various SIM card and device non-personal data that is used to authenticate users while preventing fraud attempts in real-time, and continuously in the background.
It protects consumers with frictionless and continuous authentication, while at the same time commercializing network capabilities that were never commercialized before.
Want to know more? Let’s talk.
