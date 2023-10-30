OCBC Bank told its customers it will no longer use SMS as its default method to inform customers about banking activities.

“SMS messages traverse the telecommunications network, and then land on a customer’s mobile phone. Unfortunately, the sender labels for these messages can be easily spoofed, a vulnerability that has given rise to scams,” said Cisco’s cyber-security strategist and adviser Vivek Gullapalli.

In the case of push notifications, the content is received on a mobile app that is owned and managed by the bank, said Mr Gullapalli. This ensures that the whole process is a closed loop, and therefore controlled and secure, offering an additional layer of security. headtopics.com

Mr Kelvin Lim, director of security engineering at Synopsys Software Integrity Group, noted that SMS protocols are based on a 30-year-old technology when the cyber-security landscape was largely different.

On the other hand, push notifications are encrypted and transmitted securely from the bank straight into the banking app, making it harder for hackers to intercept, said Mr Lim. This extra layer of security will also remove the risk of customers falling prey to SMS phishing, where hackers impersonate the banks and send malicious SMSes to customers. headtopics.com

Switching from SMSes to push notifications would also help banks see potential savings, although the cost-saving aspect of the switch is secondary. With consumers today heavily dependent on their mobile phones for everything from entertainment to payments, risk levels are significantly elevated when a mobile device is compromised, or when the authenticity of an SMS is in question, he said.seeks to strengthen the direct accountability of financial institutions and telcos to consumers. The Shared Responsibility Framework places duties on financial institutions and telcos, making them liable to pay if they have fallen short of these duties.

