: Attackers could intercept SMS codes by exploiting vulnerabilities in the SS7 protocol used by global telecommunications [22].
: The user enters the code into the application to prove they have physical possession of the device [13]. 2. Key 2019 Regulatory Changes
Below is an overview of the core concepts, security risks, and technical implementations as they were established or studied in 2019. 1. Core Workflow of SMS Verification SMS Verification Method 2019.pdf
: A common social engineering attack where a hacker tricks a mobile carrier into porting the victim's phone number to a new SIM card [8].
: This directive, which came into full effect in September 2019 , forced banks to implement Strong Customer Authentication (SCA). Many banks chose SMS-OTP as the most accessible second factor for compliance [6]. 3. Security Risks Identified in 2019 Research : Attackers could intercept SMS codes by exploiting
: A user enters their credentials (username/password) on a website or app [13].
: Researchers proposed using smart contracts and distributed ledgers to generate and validate OTPs, reducing the reliance on a single central authority [20]. Key 2019 Regulatory Changes Below is an overview
: Tricking users into providing their SMS code through fake login pages [8]. 4. Technical Improvements Proposed