We should stop accepting this ridiculous excuse. Our phone numbers are not identifiers. How does me telling a bank "My phone number is 123-456-7890" give them any assurance whatsoever that I am the person whose name will be printed on a loan document?
It's most definitely baloney because I also had to provide ID. So, certainly there is no way I could identify myself "even more" by giving them a phone number than by giving them a government issued ID.
I think you missed the point. The process creates an identifier, by strongly associating you with the phone number.
This association allows the bank to quickly establish your identity later when you call up or use online services.
Any phone that can receive SMS, not a smartphone. You could purchase a burner flip phone for this purpose.
My wife's elderly aunt has a flip phone that can receive SMS but not MMS. We just went thru an "identity verification" procedure with a major bank last week that sends MMS, not SMS, and could not reach her flip phone.
The whole ordeal was a huge pain in the ass and if my wife and I weren't there to help her it would have been completely impenetrable to her.
Doubt it, model number?
>We just went thru an "identity verification" procedure with a major bank last week that sends MMS, not SMS, and could not reach her flip phone.
Double doubt it, verification services do not use MMS. It would be against NIST standards and not a single verification software sends MMSs. I work in this space. MMS is being deprecated across the globe, multiple telcos have already entirely disabled MMS at the network level.
You're likely confusing getting a verification number in the banking app, not SMS/MMS.
My Android phone says "SMS" under the "bubble", next to the time, when I send my wife's aunt a message. If I attempt to attach a photo to a message to her (which I've always thought was "MMS") she never receives the photo or any text I send with the photo. Nothing.
re: the identify verification
We had the bank send the message to my wife's phone. She received a message with a link to a website in the native text messaging app on her iPhone. My wife absolutely doesn't have the bank's "app" installed. The website linked in the message used her camera to photograph her aunt's ID and face. I don't know what color the "bubble" was on my wife's iPhone, which I know has some ability to differentiate SMS vs iMessage.
My aunt can receive text messages. She couldn't receive this message. That's what I know.
Really? Are they just presuming all of their customer can use RCS now? Or am I missing something?
But this might not really have been a 2FA case - I mean, I was physically sitting in the bank.
Cherry on top of this dystopian situation was that the number needed to be a Spanish phone number. Couldn't be from a different country code.
This reminds me of the Japanese cybersecurity minister who did not use a computer.
Bonus points if you work at Apple, or Google and work on iOS or Android. Would explain a lot why they are the way they are.
Some folks go vegan after seeing how the sausage gets made.
I'm always annoyed when some real-world good or service is only available to people with a smartphone, especially when it wasn't always so. Blue Bikes (rentable bicycles) were in the past usable with a membership card, but it got phased out in favour of an app.