Increased Use of Two-Factor Authentication Force New Social Engineering Tactic

A majority of organizations that offer online access to accounts have significantly increased the use of two-factor authentication, mainly one-time passcodes sent via SMS text. This has been in hopes to prevent unauthorized access to customer accounts and decrease the chance of impersonation and unauthorized online transactions. However, this increased use has caused more issues than it has solved. First of all, fraudsters have needed to become more stealthy and sophisticated in their social engineering efforts. Furthermore, it has caused an increase of mobile phone account takeover using SIM swaps and phone number porting, an option available to all customers that want to get a new phone or switch mobile carriers. A shift in the modus operandi of fraudsters from transactional fraud (i.e. the use of forged checks and stolen credit cards) to full account takeover has resulted from this increased use. This paper reviews the types of two-factor authentication that are more often used, and then provides brief descriptions of the fraud that has resulted and possible solutions to the issue at hand. After the introductory review, findings from the research conducted are presented that do the following: first, outlines the advantages and disadvantages of one-time passcodes; second, explores the good and bad of social engineering, what makes up the different aspects social engineering, and current tactics used; third, investigates an in-depth study of the fraud customers face as a result of SMS one-time passcodes; and last, suggests possible solutions to replacing SMS one-time passcodes and combating social engineering. This paper concludes that organizations must provide a different two-factor authentication option than SMS one-time passcodes and must apply a multi-pronged security approach that includes both educating the customer and implementing new technologies. Keywords: Financial Crime and Compliance Management, Dr. Kyung-Seok Choo, Mobile Authenticator Apps, Existing Account Fraud, New Account Fraud, Short Message Service.