Imagine the scenario. You've just made an online transaction, the bank sends you an SMS, but someone else intercepts it and accesses your bank account.
A subsidiary of fraud investigation firm Ultrascan KPO proved it could be done with an old candy-bar style Nokia 1100 mobile phone. Through its network of informants, Ultrascan experts obtained hacker software to reprogram the phone. The phone was then used to break into someone's online bank account, confirming why criminals in Europe are willing to pay thousands of euros for the Nokia 1100.
"Using special software written by hackers, certain models of the 1100 were reprogrammed to use someone else's phone number and receive their SMS from the bank," says Jenny Dugmore, CEO of FireID, a Cape-based provider of security applications for mobile authentication. "This highlights exactly why it's vital to eliminate the need for customers to receive passwords via SMS, as these can be intercepted by fraudsters."
It's to prevent cybercrime of this nature that FireID developed a highly secure, universal authentication system that makes Internet transactions and access to secure data safe as well as convenient. The application enables a mobile phone to generate a one-time password which is sent to the user out of band, which means it cannot be intercepted over any of the mobile phone networks.
Dugmore says one-time passwords are the best way to ensure secure online transactions, as they eliminate the need to remember passwords, so users never have to risk writing them down or using the same ones repeatedly. They also do away with the need to carry hardware tokens, which may be lost or left lying around.
FireID markets a token application that turns mobile phones into self-contained one-time password generators.