Contact Center Industry News

TMCNet:  New Research From Ponemon and tyntec Finds IT Security Pros Abandoning Traditional Security Measures in Favor of SMS-Based Two-Factor Authentication

[March 12, 2014]

New Research From Ponemon and tyntec Finds IT Security Pros Abandoning Traditional Security Measures in Favor of SMS-Based Two-Factor Authentication

(Marketwire Via Acquire Media NewsEdge) SAN FRANCISCO, CA -- (Marketwired) -- 03/12/14 -- New research by the Ponemon Institute, sponsored by mobile interaction service provider, tyntec found the vast majority (68%) of North American organizations agree there's a need for more secure authentication methods over the traditional username and password method. As an alternative, nearly half (46%) plan to extend the usage of SMS-based two-factor authentication (2FA) in 2014 for identity verification and activation of online services. While another 72% felt this type of added protection would improve the customer experience as a result of enhanced mobile authentication features like mobile number verification. The independent research report, "Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication," surveyed more than 1,800 IT and IT security practitioners around the world.

As online security breaches become more prevalent and disruptive, the emerging verification method of choice is SMS-based 2FA due to its user-friendliness, cost effectiveness and high level of security. The Ponemon report found that companies implementing SMS-based 2FA use the method mainly for identify verification in user registration (43%), each login (38%) and transactions (33%).

Influx of failed One-Time Passwords (OTPs)Despite its effectiveness, organizations implementing SMS-based 2FA are experiencing issues when it comes to implementation and conversion rates as a result of invalid mobile numbers provided by end-users. According to the survey, 29% of respondents in North America cite that on average 11-20% of OTPs fail to be delivered. Of that, 48% on average fail because an invalid mobile number was entered by the end-user.

As part of the authentication process, users who opt-in for SMS-based 2FA are required to share their mobile number with application providers to receive a unique, One-Time Password (OTP) sent via SMS to authenticate their identity. The SMS containing the OTP must be entered and authenticated to successfully complete the transaction, registration or download process. Unauthenticated OTPs translate into inactivated accounts, incomplete transactions, and ultimately, a poor customer experience.

But even in the face of gaping discrepancies, 29% of North American respondents are still unaware that SMS-based OTPs sometimes don't get delivered -- 30% are aware of the issue but are unsure of the reasons why OTPs fail to reach the end-user. The cumulative impact of failed OTPs is a heavy burden on service providers looking to increase security.

Solution: mobile number verification To address the issue of invalid mobile numbers and unauthenticated OTPs, service providers are looking into mobile number verification tools such as tyntec's OTP SMS service to pre-verify mobile numbers before sending OTPs. The survey found that 68% of North American respondents would be interested in the ability to verify where end-users are located and whether their mobile number is valid in real-time to strengthen security measures and reduce the amount of failed OTPs. Currently, only 6% of North American respondents verify recipient data before sending OTPs.

"To service providers looking to increase security for their users, the ability to pre-verify mobile numbers is essential. In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated One-Time Passwords, un-activated accounts and un-met expectations on behalf of both the sender and end-user," said Thorsten Trapp, Co-Founder and CTO of tyntec. "Companies therefore need to ensure that they strike a balance between cost and reliability from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users of the mistake and allow access to vital services that they've requested or subscribed to. As a result, service providers can improve customer satisfaction with fewer complaints, reduced customer support costs and higher conversion rates." Larry Ponemon, Chairman and Founder of the Ponemon Institute, added, "Enterprises and internet companies know that the traditional username and password is simply not enough anymore. However, companies deploying SMS-enabled two-factor authentication need to ensure that One-Time Passwords aren't being sent to invalid mobile numbers. As a result, the research confirmed that 67% of global respondents said customer experience improves when SMS-based two-factor authentication is combined with real-time verification of the receiver's mobile number." For more information, download the free report and infographic at

Methodology Research was conducted by the Ponemon Institute in January 2014 in four global regions: North America (NA), Europe, Middle East and Africa (EMEA), Asia-Pacific plus Japan (APJ) and Latin America plus Mexico (LATAM). The study utilised a demographically balanced omnibus sample of IT and IT security practitioners positioned in Forbes Global 2,000 companies with bona fide credentials. Survey procedures were based on scientific methods that permitted extrapolation and population inferences.

About tyntec tyntec is a mobile interaction specialist, enabling businesses to integrate mobile telecom services for a wide range of uses -- from enterprise mission-critical applications to internet services. The company reduces the complexity involved in accessing the closed and complex telecoms world by providing a high quality, easy-to-integrate and global offering using universal services such as SMS, voice and numbers.

Founded in 2002, and with more than 150 staff in six offices around the globe, tyntec works with 500+ businesses including mobile service providers, enterprises and internet companies.

About Ponemon Institute Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.

Press contact tyntec tyntec Caroline Dreier +49 89 202 451 140 Email Contact Press contact US PR agency Barokas Public Relations Frances Bigley +1 206 264 8220 Email Contact Source: tyntec

[ Back To Cloud Contact Center's Homepage ]


Featured Resources

Featured Report
Millennial Research on Customer Service Expectations

Millennial Research on Customer Service Expectations

The "why" behind this research is simple: our clients recognize that different generations bring different expectations, varied communication preferences and new customer service patterns to the customer experience...
Featured Report
Optimizing the Customer Experience through Cloud Contact Centers

Optimizing the Customer Experience through Cloud Contact Centers

Adoption of cloud contact centers is on the rise. Findings from Aberdeen's January 2014 'Public Cloud vs. On-Premise: How to More Effectively Deploy a Cloud Center' study shows that 31% of contact centers are deployed in the cloud, and our related blog post highlights that companies anticipate their adoption of cloud technology to rise further throughout 2014...
Featured Report
Aberdeen report

Aberdeen Report: Cloud for Mid-Sized Contact Centers – What You Must Know

Cloud Technology is opening new doors for many businesses. However, it does so only when it's combined with the use of best practices and key technology enablers. This document highlights the adoption of cloud technology by mid-size contact centers and illustrates the reasons driving their investments...
Featured Whitepaper
Aberdeen report

Seven Critical Capabilities to Demand From Your Cloud Contact Center Provider

To deliver a world-class customer experience, your contact center must be flexible and reliable, while providing all the tools agents and supervisors need to manage their workflows. Here are seven critical capabilities to look for when deploying a contact center in the cloud...
Featured Webinar

Contact Center Economics and the Cloud

Together, Bob and Drew will help you understand the economic value of upgrading technology, important business and financial considerations, and how to compare total cost of ownership of a premises vs. cloud or hosted solution. Watch the webinar on-demand now...
Featured Datasheet
Zipwire Cloud Contact Center

Zipwire Cloud Contact Center

The appeal of moving services to the cloud is obvious. Cloud services offer reliability and robust feature sets without the need to implement or maintain complex contact center infrastructure. The Zipwire™ cloud-based contact center allows businesses to leverage the flexibility and cost savings of cloud architecture while offering a seamless, first-class customer experience...