SMS based authentication hacked, but not the PINswift
Thanks to our patent pending technology, PINswift is resistant to SS7 attack or any other attack based on compromising confidentiality of SMS. PINswift uses advanced technology to calculate PIN directly on cardholder’s mobile phone and does not depend on SMS confidentiality.
Bank accounts across Germany have been recently drained by hackers exploiting vulnerability in SS7. This communication protocol is used by telecommunication networks to deliver SMS. It’s the kind of attack that researchers have warned about for years.
Professional organizations and bank authorities aware of the problem such as EBA and NIST do not consider SMS 2-factor authentication secure any more and recommend using different authentication methods. Many banking solutions today use SMS as a form of 2-factor authentication which makes them vulnerable to SS7 attacks. Many, if not all SMS based PIN delivery solutions are affected with this vulnerability, but not PINswift.