
Bank Card PINs: On-demand Delivery Over Secure Text Messages

Banks that continue to thrive in today's mobile landscape do so because they offer real-time financial information with all the features that made mobile what it is today.

May 23 2016

According to US-based cloud computing company Salesforce*, nearly half of Millennials want to receive SMS alerts from their bank. Out of 285 consumers, 43% have signed up for SMS alerts from their bank.

Indeed, checking personal account balances has long been considered the norm in client satisfaction for banks and consumer-first financial services such as PayPal. This capability, now long evolved, was how the financial sector first explored the potential that A2P SMS began offering to enterprises around the globe.

Today, robust mobile banking features are the norm, and mobile-centric consumer expectations are much higher. A technological boom produced a slew of instantly accessible services, which generated this expectation. Banks that continue to thrive in this attention-grabbing mobile landscape do so because they offer real-time financial information combined with all the features that made mobile what it is today. In fact, they are uniquely positioned to make the most of their clients' attention.

When dealing with or reviewing personal finances, the client is fully focused on digesting the information served over mobile. This focus is based on their bank sending data that is: a) completely relevant and b) well protected. The challenge thus becomes making the service seamless, secure and available on the go, all at once.

Cloud security meeting user convenience

In recent years, professional SMS platforms have dedicated time and resources to crafting A2P SMS solutions that solve these challenges. In doing so, these specialized providers have reassured banks and cardholders that enterprise SMS systems can be used to shape a wide array of mobile financial services.

As a result of focused R&D and dedicated security infrastructure upgrades, the capabilities of new generation SMS systems have broadened significantly, and now they include a capacity to deliver sensitive authentication data, such as bank card PINs, upon client request, in real-time. This type of secure SMS (SSMS) process bypasses many touchpoints of the standard, letter-based service.

Real-time PIN delivery on your user’s own terms

Usually, banks print PINs into secure envelopes that are sent to cardholders over standard mail when a card is first issued or a PIN is changed. This increases the risk, cost and time needed for delivery. Meanwhile, cardholders aren’t able to use their new cards. This is called lag, and it’s costly. A normal postal delivery takes about a week, so banks directly lose out for as long as the PIN takes to arrive. These losses are estimated at 2% of expected annual spending per newly issued card. In fact, our internal research shows that the average cost benefit over standard print and mail service ranges between 40-60% per issued PIN.

Bank card PINs - On-demand delivery over PCI DSS secured text messages

With a specialized provider, such a strained process can easily be replaced with seamless mobile PIN delivery, which gets the PIN straight into cardholders’ hands as soon as they receive their new card, fulfilling the fundamental premise of a customer-centric experience.

New layers of security in PIN delivery

All messages sent through our SSMS platform are delivered directly to a trusted telecommunication operator, through a Payment Card Industry Data Security Standard (PCI DSS) Level 1 compliant communication channel. Such a certified PIN delivery process works without intermediaries, providing ironclad end-to-end security.

RSA 2048-bit encryption with private and public keys is used to ensure security during the information exchange. When a client requests the PIN using proper credentials, a combination of the secret word, card identifier, and the phone number is used to match the user with the correct PIN. Once a PIN is generated and encrypted, it is stored separately from the phone number and the secret word collected during the card application process. At no time during the process can anyone retrieve or intercept PINs for a specific card. Upon successful delivery, the PIN is automatically deleted from the system.
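The matching and delete-on-delivery behaviour described above can be sketched as follows; this is an added example, not Infobip's code, and the page does not say how the platform implements the match. The names `PinVault`, `lookup_token` and `INDEX_KEY`, the HMAC-based index and the opaque ciphertext standing in for the RSA-encrypted PIN are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed key for the lookup index (assumption: a real system keeps it in an HSM or KMS).
INDEX_KEY = secrets.token_bytes(32)


def lookup_token(card_id: str, phone: str, secret_word: str) -> str:
    """Derive the vault index from all three credentials together."""
    fields = [f.encode() for f in (card_id, phone, secret_word)]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()


class PinVault:
    """Holds encrypted PIN blobs only; phone numbers and secret words live elsewhere."""

    def __init__(self):
        self._blobs = {}  # lookup token -> ciphertext (opaque here, assumed RSA-encrypted)

    def enroll(self, card_id, phone, secret_word, encrypted_pin: bytes):
        self._blobs[lookup_token(card_id, phone, secret_word)] = encrypted_pin

    def holds(self, card_id, phone, secret_word) -> bool:
        return lookup_token(card_id, phone, secret_word) in self._blobs

    def deliver(self, card_id, phone, secret_word, send) -> bool:
        """Hand the blob to `send` (hypothetical decrypt-and-SMS step); delete only on success."""
        token = lookup_token(card_id, phone, secret_word)
        blob = self._blobs.get(token)
        if blob is None:
            return False  # any wrong credential produces a different token
        if not send(phone, blob):
            return False  # delivery failed: keep the blob so the request can be retried
        del self._blobs[token]  # delivered: the PIN no longer exists in the vault
        return True


if __name__ == "__main__":
    # Constructed sample values, not real card or phone data.
    vault = PinVault()
    vault.enroll("CARD-0001", "+15555550100", "tulip", b"constructed-ciphertext")
    print(vault.deliver("CARD-0001", "+15555550100", "tulip", lambda p, b: True))
    print(vault.holds("CARD-0001", "+15555550100", "tulip"))
```

Because the vault is indexed by a keyed hash of the three credentials, a dump of the vault alone reveals neither the phone number nor the secret word, and a failed SMS hand-off leaves the PIN available for a retry rather than deleting it.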

PCI DSS streamlined secure SMS PIN delivery flow

Using converged technologies for client protection

Constantly adapting fraud detection systems for credit card transactions to an increasing number of new threat scenarios is a fact of life for all major players in the financial industry. However, these pitfalls can be mitigated using the right technology.

With many cardholders travelling abroad, global banks are faced with an ever-increasing number of transactions performed or attempted internationally. Using services like Number Lookup and geo-location allows them to determine if their client is roaming, and use the data to accurately assess the risks of fraud.

If a card transaction was attempted abroad, we can determine if the cardholder’s mobile number is roaming. If that number isn’t roaming, the user most likely isn’t located abroad and the legitimacy of the transaction can be put in question. This, in combination with the location of the ATM, allows banks to introduce an additional checkpoint before blocking the credit card to prevent a likely fraud scenario.

In a world where mobile occupies two of the top three ways that Millennials want to receive alerts from banks, and where 27% are completely reliant on a mobile banking app, it’s crucial for banks to keep pace with connected consumers on their own terms.

Connect with us today to find out how the Infobip platform helps you raise your game for client-oriented communications.

*What Millennials Expect from Their Banks / www.salesforce.com/research