Despite its widespread use, SMS technology has lost its luster as a safe means of verifying the identity of an individual during a banking transaction.
This is what the lobby group for Australian telcos is claiming in the wake of a recent fraud incident.
The identity theft was eventually traced back to key logging malware on the victim's PC that recorded the account details, and since one-use SMS access codes for the account are required, the criminal then used the acquired details to port the phone number to another account.
"Stanton should take the lead from other countries such as the UK that have better security questions to request a ported number, or PAK code, and send them as a letter or email to the account holders registered address preventing such an attack," he said.
Goode Intelligence managing director, Alan Goode, said despite the recent mishap, SMS can provide an additional layer of security that enables organisations, including banks, to improve the security of their online services.
"When used in two-factor authentication, SMS allows all users, and not just a limited few, to benefit from agile strong authentication and protect them against financial fraud and identity theft," he said.
Instead of focusing on SMS, Goode says the responsibility lies with telecommunication suppliers to have appropriate levels of security are implemented for their clients to ensure that cyber criminals do not exploit any weaknesses that allow them to abuse their services.