There have been concerns for years (and years…) about security holes in the Signalling System 7 (SS7) protocol - the telco standard that is used to send SMS. Furthermore the National Institute of Standards and Technology (NIST) has started the process of deprecating SMS due to security fears. And now it has been reported that hackers have drained some bank accounts in Germany by exploiting one of the flaws in SS7.
In this case, online banking customers needed to get a code sent via SMS to their phone before a transaction between accounts could be completed. The hackers, who had obtained login and password details already, routed the SMS to themselves, and bingo - transaction successful. It wasn’t particularly sophisticated, and the hardware is easily available. What is frustrating is that nobody seemed surprised - it felt like an inevitability. The bottom line is that it appears that sending anything ‘secure’ over SMS is no longer acceptable. Would this have happened if the two factor authentication was carried out via push notification? Probably not.
Push Offers Increased Security
Compared to SMS, it is safe to say that push notifications offer much more security. Take Apple Push Notification service (APNs) for example, which “enforces end-to-end, cryptographic validation and authentication using two levels of trust: connection trust and device token.” Without delving into a deep technical exploration (you can read it for yourself in Apple’s developer docs, and let me off the hook), there are token and certificate based encryptions in place which ensure that push notifications are sent only to the intended end user, which SMS just doesn’t have or do anywhere near as well. Furthermore businesses are required to apply for the Apple certificate in order to send push for their apps, and they can be revoked if there is a breach in trust.
More Benefits Of Using Push
Push notifications provide better security, but they also come with other benefits for enterprise businesses. Let’s take a look:
Efficiency - Push notifications are much cheaper to send than SMS, so you will be saving your business money by doing so. As well as this they are much faster to deploy, and they can be sent at huge scale. For enterprises that need to send millions of push notifications in less than a minute - no sweat.
Richer Interactions - Let’s face it, SMS has not been impressive technology for at least 15 years. Push notifications, on the other hand, provide a much more sophisticated and attractive interaction, especially with the advent of Rich Push. This includes the ability to personalize and contextualize messages at a much more individual level in real-time. Add to this the use of emojis, and now with Rich Push the use of images, GIFs and videos, and SMS look like a real museum piece.
Tracking - We also get extra information from push notifications, such as which users have turned off push or uninstalled the app. This is useful information that you can use to re-onboard users or engage them through a different channel.