TaCode Tuesday: Preventing Delivery Fraud with Automated Zang Calls

Posted by Pedram Mohammadi on September 12, 2017

Delivery fraud, a new type of scam, exploits a business model loophole found on e-commerce sites that use the cash-on-delivery (CoD) payment method. This type of e-commerce fraud works by having a script automatically create new accounts with fake addresses and telephone numbers, ordering hundreds of products to pay CoD. The e-commerce company will then wrap-up all orders for delivery, leaving the scammed product out-of-stock for days. However, since all delivery addresses are fake, the items would end up returning to the warehouse, causing a huge loss on revenue due to restock, delivery failure, and loss of new orders.

Read More

Topics: TaCode Tuesday, cPaaS, Built On Zang, Security

How Secure is SMS-Based Two-Factor Authentication?

Posted by Alex Misevski on November 17, 2016

With the current increase in digital crime and internet fraud, depending on passwords is no longer sufficient, and two-factor authentication is becoming a critical aspect of maintaining the security of mobile applications. In fact, a recent report indicated that more than half a billion online personal records were breached in 2015, and mostly through mobile devices. Therefore, strengthening the authentication process should be a priority of any mobile app developer.

How It Works

Two-factor authentication, as the name suggests, involves presenting two authentication credentials to ascertain the legitimacy of the user signing in to an iOS or Android app. It adds an extra layer of security by sending a random code to an individual’s device using an SMS message, which the user will input, along with a name and password, to gain access to his or her account.

When a mobile app user wants to log into his or her account, he or she will be prompted to validate with a unique username and password—which is the initial authentication layer.

Next, the two-step verification will require an additional procedure to reconfirm the user’s credentials. The most cost-effective procedure involves using either one-time-password (OTP) security tokens sent via SMS to the user’s mobile device or out-of-band (OOB) methods involving completing the authentication process over a different channel other than the primary one.

The purpose of the additional step is to discourage attackers who are trying to steal a user’s information by fraudulently penetrating their accounts. If you integrate dual factor authentication into your apps, a cybercriminal will require both the first verification process as well as the OTP to gain access to a user's’ credentials.

With the two-step verification technique, even if a hacker has retrieved a user’s username and password by exploiting a vulnerability in a mobile application, taking complete control of the account will be difficult because of the absence of the one-time-password, which must be sent as an SMS to the user’s mobile device. Consequently, this results in fewer security breaches and reduced total costs on interruption.

Read More

Topics: Security, mobile apps, SMS