Coincidentally, just this morning I had been thinking about how banks use SMS messages for 2FA.
The "SMS" facility began as a novelty. Initially, only personal messages were sent as SMSs. Then employers began sending SMSs to subordinates. Soon, IT System Alerts were sent over SMS to the Administrators. IT System Administration jobs became 24x7.
Banks have been using SMSs to authenticate internet banking / credit card transactions. SMSs are used to notify card holders of transactions.
Did the telecom companies know that the SMS facility would become so "mission-critical" ?
Over the past six months, I have had a number of occasions when a credit card transaction over the internet has failed -- simply because I did not receive the OneTimePassword via SMS before the website did a "timeout". (One particular bank's SMS messages, I notice, come much slower than others).
a. The bank's SMS transmission system went down
b. The Mobile Service provider's SMS delivery system was very slow (or down ?)
c. My mobile phone was "out of range" ?
I wouldn't be able to execute a transaction. Who is to blame ? The bank ? My Mobile Service provider ? Me ?
We use Internet Banking and have access to our accounts 24x7. Similarly, we use many other Internet services, Mobile services, Content Delivery methods etc. How dependent are we on these ? All of these are based on technology -- hardware and software.
a. Hardware can fail
b. Software can (and does) have bugs
c. Administrators of these systems can make "mistakes".
And what happens if a solar flare takes out electronic communications system ? Or an EMP fries some major communication nodes ?
How dependent are we on these "technologies that can fail". Yes, I know about "redundancies", "fail-safes", "backups", "disaster recovery" yada yada yada. But sometimes I wonder if all the CxOs really are 100% confident that their electronic systems, with many dependencies on external providers and nature ?