TECH CORE Infobip provides a secure SMS service for banks and financial institutions on its mobile messaging platform that even prying governments cannot intercept. It is also the first company of its kind to get a PCI DSS security certification, proving its security standards. Smart Chimps talks to CEO at Infobip, Silvio Kutic, about how this company services the messaging requirements of the financial markets, exactly how secure this system is, and what its further uses could be in areas including M2M and mobile health.
Smart Chimps: What is the difference between SMS services for banks and financial institutions, versus the rest of the world's users?
Silvio Kutic: SMS services for banks and enterprises in general have different technical requirements and fall into what's known as application-to-person messaging (A2P). A2P services are implemented through various types of integration with the existing enterprise systems and databases.
For the banks to be able to fully leverage A2P SMS services – control different aspects of delivery, assign roles and permissions, monitor costs, or get detailed reporting – a user friendly management system, ideally a web application, is necessary. Options like automatic sending and triggering are also a must.
With enterprise messaging, SMS messages originate from a database (a system), either automatically or manually. Of course, this is not the case with the ordinary texting between individuals as we know it (person to person), where the exchange starts from a mobile phone.
Naturally, there's an increased focus on security, even when information transferred via SMS is not something that can be used for scams or phishing, such as new account activity alert, without listing the bank account number, amount transferred etc. SMS services for banks must demonstrate adequate levels of security and stability, and comply with the banks' international security and QC certificate requirements.
SC: How is secure SMS changing how banks and other organisations look at mobile, and how are they taking advantage of these services?
SK: It gives banks more opportunities to introduce mobile services that previously were not considered viable or secure enough, such as PIN delivery.
This allows banks to make an impact with the mostly mobile-only Generation Y demographic, which expects more mobile services and more convenience that comes with transferring certain functions and processes to mobile phones. PIN delivery via SMS is natural to them while traditional methods, which are still prevalent today, such as postal delivery or over the counter services in a local branch office, are becoming too slow and too complicated for modern day consumers.
SC: Tell me about Infobip's technology and service; what makes it unique, compared to similar offerings from other companies?
SK: As a company we have years of experience in the area of messaging. We have unmatched coverage and connection quality through our established relationships with mobile network operators worldwide. Another key strength is our fully developed inhouse mobile services ecosystem and our dedicated team of developers. We're talking about 130-plus developers and additional 100-plus experts focused on telecom and internet technologies. These people are what make Infobip tick, allowing us to grow as a company and service a wide variety of markets and uses cases for A2P SMS.
Our platform is very versatile and our clients range from large banks and mobile operators, through to developers and tech startups, SMEs, wholesale clients, and resellers. For each different segment we need to provide appropriate tools to access our network, so we offer a choice between APIs and user friendly web apps, the customer then picks what is most suitable for their needs.
For banks in particular, we offer a complete solution through a single provider, which includes connectivity to mobile operators and access to telecoms infrastructure; everything from proprietary data centres to back end database integration, complete front end management and reporting, invoicing and billing, inhouse development and 24/7 support.
But above all, we have always remained true to the principles we established when we were a start-up, which is to be flexible to the needs of our clients and provide bespoke services. This is also reflected in the culture of the business which values and encourages creativity, thinking outside of the box and team spirit.
SC: Infobip has recently been awarded a PCI DSS security certification. What does this mean for the Infobip service and customers?
SK: PCI DSS certification is a very important independent validation that Infobip's processes and technologies can handle sensitive consumer data like payment cards PINs. Payment card industry requirements are based on stringent international standards for sensitive data protection, so compliance with those standards is essential, and proof that as a company we are able to deliver a level of service excellence.
PCI DSS certification provides extra assurance for banks, and their customers, that sensitive payment cards data is handled securely and in line with the most demanding standards.
SC: How do you see this type of very secure SMS service growing in the future, both inside and outside of the banking sector? For instance, Smart Chimps thinks there could be a market for this within the machine to machine (M2M) sector, and in areas such as mobile health and even within lighter services and mobile uses, such as wearable technology; what do you think?
SK: Now that our brand of a secure SMS channel has received the PCI DSS certificate, any business that requires reliable and secure direct communication with mobile users can use our platform.
M-health is definitely one area where our platform can be utilised. Medical information is extremely private and confidential data. The ability to deliver this type of information securely, and reliably, is of a huge importance in any situation where it can be difficult to see a doctor. This goes primarily for emerging economies, but also remote and rural areas of developed countries.
Delivery of administrative materials, documents, permits or court decisions is also viable, and has already been implemented in some countries. An added layer of security would do much to reassure recipients that their data will not be intercepted or abused.
Wearables is still an emerging ecosystem, but the mobility brought by wearable technology seems to be a perfect fit for the ubiquitous and reliable SMS. Devices worn by professionals in high risk occupations, such as the police, military or even commercial aerospace, can be programmed to transmit vital data to keep track of individuals and report back information. A similar scenario also applies to M2M communication, particularly for industrial applications, such as an oil rig or pipeline, or other installations that require constant supervision and monitoring.
SC: The world has recently been shocked by the findings of Vodafone's Law Enforcement Disclosure Report, which blew the lid off our perceptions of privacy when it comes to mobile communications. Is Infobip's messaging service secure from even the likes of prying authorities? If so, why and how, and also, does this mean the service could be used by regular people to protect their privacy?
SK: We're not so much in the spotlight because our clients are businesses and not individual mobile users. We have safeguards in place that prevent any outside party intercepting or reading an SMS message while it is in our system. The recent PCI DSS certificate that has been awarded to Infobip has reinforced our security credentials.
SC: What's next in the pipeline for Infobip? What does your product and strategy roadmap look like, and what challenges and opportunities lay ahead?
SK: In addition to enterprise clients, we're putting a renewed focus on developers. We recognise that they're the driving force behind the entire digital economy and there are huge opportunities for integrating SMS messaging into smartphone apps as well as online tools. We're approaching them with converged services that enable them to acquire, reach, engage and monetise users with our SMS, push notifications and direct billing services. This package is unique and we keep working on it to add even more features.
In parallel, we continue to develop our close-knit relationships with mobile operators, helping them monetise resources through innovative business models to become a more active participant in today's digital ecosystem and capitalise and build on their role as key technology providers and innovators.
Of course, we will continue to refine our enterprise offering by adding new features and maintaining the focus on security, reliability and support, which is absolutely crucial when providing high level services to high profile clients such as banks and financial institutions.
SC: Thank you, Silvio!