An investigation into online banking security measures in Australia revealed that SMS OTP is still very popular there, despite increasing global awareness of this authentication method’s vulnerabilities. In fact, starting from the next edition of its Digital Authentication Guideline, the United States’ National Institute of Standards and Technology (NIST) will no longer allow SMS OTP as a form of 2FA.

As can be seen from the table below, the password/OTP combination is the most popular security measure protecting online banking at Australia’s biggest banks, whether the OTP arrives via SMS or is generated on a token. However, after attacks from malware like Marcher, Android/Spy.Agent.SI and Android.SmsSpy.88.origin, which all managed to bypass SMS OTP, these institutions will urgently need to rethink their security.

Jolette Roodt

WRITER/ANALYST

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.