Next-gen SMS: shifting security perceptions in banking

The benefits of PCI DSS are not restricted to banking
The benefits of PCI DSS are not restricted to banking

It's almost a paradox – barely a week goes by without reports of a security breach, privacy leak or hacking attempt, yet more of us trust our personal data to online companies and services than ever before.

Accustomed to using our mobile devices for every facet of our daily lives, we have become overly reliant. We assume the apps and services companies have developed to meet our mobile-centric needs are secure – even those that handle our sensitive information. With a growing dependence on the convenience of mobile devices, this isn't likely to change any time soon.

Yet rather than creating new concerns about privacy, this demand for immediate mobile-based services will actually help digitise several industries and change them for the better. The result will be a number of overall improvements that cater to the consumers' need for convenience, meeting all necessary security standards without affecting the user experience.

PIN risks

Take banking, for example. Currently, when ordering a new credit or debit card, the process involves a postman delivering the card in one envelope and PIN number in another. Although the potential for fraud is lessened by sending the two separately, a certain degree of risk still remains. Yet as banks are now striving to upgrade their services for an audience that demands immediacy and convenience, they are instead turning to SMS to deliver sensitive information like PIN numbers.

Unsurprisingly, this has raised some concerns. Even though SMS has been widely adopted by the banking industry and is trusted to deliver account alerts and confirmations, it has not traditionally been considered secure enough to handle highly sensitive information. Fortunately, this is no longer the case.


Thanks to recent developments the SMS platform has received a significant security upgrade, culminating in an industry accreditation called PCI DSS. This is an independent certification of compliance with the strict data standards outlined by the payment cards industry and is required for any enterprise that handles sensitive customer data. In essence, PCI DSS validation lets banks offer new timesaving and mobile-based services like payment card PIN delivery via SMS, while still ensuring customer data is protected to the highest possible standard.

There are a number of benefits to this approach. PIN delivery by SMS is more immediate, more intrinsically secure as less people are involved in the process, and easier for both cardholders and banks. SMS can also be implemented without investing in complex new technologies and is accessible by any customer – almost everyone has a mobile phone and is capable of receiving a text.

The benefits of PCI DSS are not restricted to banking either. There are implications for all enterprises. With security and privacy concerns addressed through PCI DSS, enterprise SMS has become a convenient platform for notification and authentication. It's capable of ensuring data protection while providing today's mobile-centric users with the convenience and immediacy they demand, making PCI DSS-validated services an ideal base for businesses to adapt their operations for the mobile age.

  • Silvio Kutic is founder and CEO of Infobip