February 24, 2015 by

Every business needs to know about data protection

r-BIG-DATA-large570

Recent high-profile data breaches have become a permanent concern to many private and public organizations. As the amount of information stored in cloud is growing exponentially new opportunities arise in both positive and negative directions. But a company can’t start protecting its users data unless it doesn’t know what to protect. So a new way of understanding data protection takes its place as advanced technologies and policies are being adopted to protect our valuable data.

Technology identifies us

Today there are more mobile devices than there are people on earth. This number is multiplying five times faster than our population. Our saved passwords, fingerprints, browser history, face recognition, or any other similar data are in many cases more valuable than the device itself. And this way of identification has in many cases become a default condition to, for example, apply for a loan, transfer money, or login to your bank account. So our connectivity devices have strongly started to change the way we understand the opportunities that lie within them.

Minimizing every possible threat

Starting to understand what needs to be protected is definitely a challenging task to any company. Appropriate safeguards can be used in different confidentiality impact levels. So not all personal data should be protected in the same manner. In many cases, it might be necessary to limit the requisite data to accomplish your security and business purpose. As Heartbleed happened the main questions was how to avoid this happening again. There is always the unpredictable factor of human mistake, so what can be done to limit the possibility of accidentally mistreating sensitive data?

Could 2-factor authentication help?

One of the recent hottest topics in cyber security is 2-factor authentication (2FA). Some big names such as Dropbox or LinkedIn have had their lesson with extensive security breaches that resulted in adopting 2FA. More and more companies who work with sensitive data pick up this topic rather at earlier stage to prevent becoming a victim of another massive password leak. So, what do you need to know about 2FA? Impelling your users to adopt 2FA solution will vastly minimize the risk of hacking a single password. Instead, 2FA makes sure that only the user has the access for the key by sending it to their mobile device via different channel such as SMS.

Even more, the password is generated only when the user triggers it and expires after a short time to minimize the leaking possibilities even more. And last but not least, as 2FA uses your mobile device it’s more likely that other layers of security are being used as well, such as passcode or fingerprint protected lock screen. While SMS remains as a secure and reliable technology, 2FA via SMS is surely one of the fastest and securest ways to protect your users sensitive information.

Messente is at Mobile World Congress

If you are going to attend Mobile World Congress at Barcelona on 3rd until 5th of March, don’t hesitate to contact our team (team@messente.com) to learn more about 2-factor authentication and how your business can use it.

Read more about What is 2-step verification and why should you care

February 11, 2015 by

What is 2-step verification and why should you care?

Screen Shot 2015-02-11 at 13.53.33

One of the key trends of 2015 for web apps and services will likely be a much wider adoption of 2-step verification. In itself it’s not a security measure based on any new technologies and it is something that is already used by some service providers handling extremely personal information. Google and Facebook to just name a few.

To put it simply 2-step verification builds an extra layer of security on top of your existing account verification system. In addition to the regular user name and password a user is given a unique one time password or PIN code generated for this specific session only. The password has to then be entered correctly to log in.

This makes it much more difficult for any attacker to impersonate someone else and access his accounts or resources as simply getting a hold of your regular password and user name will not be enough.

How are the one time passwords delivered?

There are a few different ways:
1) E-mail. This is mostly used during the sign up process to make sure the e-mail address you claimed as your user name actually belongs to you. The reason why this is not widely used as a verification tool later on is that e-mail is generally not considered secure enough for password exchange. Also there is a high risk that in case someone has learned your passwords for any app, he has done it though gaining access to your primary e-mail account in the first place.

2) PIN code generating device. Used mostly by banks this verification method needs you to have a separate physical PIN or password generator which makes the whole process reasonably secure. This method however has a few major shortcomings – distribution and the cost of the physical devices being the most crucial ones.

3) Using mobile phone and SMS. The main reason this is the method used by Google as well as a few others is that it solves the security issues presented by e-mail and distribution/cost issues which come with dedicated password generating devices. At the same time it involves another physical device by making use of your phone, completely separating the two steps of the verification process.

Whenever a user wants to set up a mobile 2-step verification for an account, he has to tie his phone number to the account when setting it up and all one time passwords will be delivered to his personal number in the future.

Why should I care?

Phone numbers becoming an increasingly bigger part of our formal identity is an important trend for both web based service providers as well as the users.

a) General passwords are vulnerable. Leaks on a major scale have become more frequent last year. As data security keeps evolving, unfortunately so do methods of data theft. So leaks are unlikely to disappear. On the other hand the number of passwords people have as part of their everyday life increases year by year. As a result we are re-using passwords, creating them to be memorable and therefore vulnerable.

b) Users pay more and more attention to data security. If we are asked whether we would want our personal data to be 100% secure the answer is almost always yes. In practice people would sacrifice some security for added convenience. The question is to which extent.

Already now we would not trust a bank whose online banking environment only uses a regular password. The thought alone that the only thing standing between a hacker and my money is knowing the name of my goldfish would make me take my business elsewhere.

*****

Coming back to the very beginning of this post it is believed that 2015 will bring about the tipping point in adopting mobile 2-step verification driven by the increased concern for the security of personal data as well as resources.

In some cases is even predicted that 9 out of 10 service providers will embrace it as the new account security standard this year. In any case it is safe to say it will be not only used by financial institutions but all services (B2B or B2C) where a considerable amount of damage could be done by misusing your account.

February 3, 2015 by

Meet Messente at #MWC2015

mwc2015_banner

Once again Barcelona is the place to be when you are in the mobile world for the annual Mobile World Congress is in just a few weeks. As always there will be countless opportunities to catch up with your partners, meet new ones, network and have a sneak peek into the future of the mobile industry.

Messente will be present in Barcelona during the whole event (2. – 5. March) and we’ll have some cool news.

Want to meet up and catch up?

Tweet us @messente or drop us an e-mail at messente@messente.com.

January 13, 2015 by

On great support

support

For any company customer service and keeping all users happy is a big priority. Which is probably why a lot has been written about it. I think we’ve seen close to a hundred blogs dedicated on the topic. So at times the number of available suggestions, tips and case studies can be a bit overwhelming.

Instead of trying to take in everything that has been written on the topic make your own customer support revolve around a few key principles. Ones you always keep in mind and really believe in.

Although yours might be different – here’s what we believe in:

Getting to know the customers point of view

Try and put yourself in the customers place is the key. Always be sure you get the full overview of everything right from the start as nothing can be more irritating than getting hit by the boomerang of inquiries with questions which could have been asked in the beginning.

Time is of the essence

Time is always an important factor when dealing with customers. It is important to let people know they are being listened to and their feedback is being addressed. Sometimes it is necessary to prioritise, but at the same time leave no input unanswered.

Timely answers that can be understood

What goes to answers, sometimes you have to give the solution as quickly as possible before you can go in depth. In these cases providing an easy conclusion without the technical jargon nobody understands is a must. It can always be followed up with a more in-depth answer.

Got any ideas or posts of your own on this topic? Why not share them in Twitter with @messente

December 16, 2014 by

Easy tips and tricks how to improve your notification messages.

Blogile

Use SMS messages as important notifications. Its easy and effective way how to keep your customers up to date with relevant info. Here are few tips and tricks what to keep in mind.

  • Sender – Always use sendernames, phone numbers or short codes what are connected to your business or brand. Let the message receiver know who are sending them information and try to avoid randomly generated senders.
  • Interactive – Try to make your notification messages more interactive by adding them clickable mobile friendly webpage links. For example: Dear Bill, here is your booking number “12345” and you can view your booking documents by clicking: m.airline.com/booking12345. Kind Regards Your Airlines
  • Personalize – Try adding message receiver first name or other information in the text body. For example: Dear “First name”, due to the fog, your flight to Amsterdam, leaving Heathrow at 11h00 today, has been delayed until 13h30. We apologize for the inconvenience. Kind Regards Your Airlines
  • Contacts – Give message receiver possibility to get back in touch with you by adding for example phone numbers to your customer support.

Keep texting :)

December 2, 2014 by

Why should your service consider 2-step authentication?

passwordscloud

Security is a growing concern to many companies when their clients need to login and handle confidential information. The more  data we use online, the more possible data leaks there is. While big data makes companies more vulnerable to security threats, many complicated solutions have been taken into use to reduce the likelihood of abusing identity and confidential data.

Multi-factor authentication (MFA)

The usage of smart phones is growing and users have started to adapt more security measures to protect their information. So there are three possible factors that help to protect confidential information:

  • knowledge factors, such as passwords
  • possession factors, such as mobile phones
  • inherence factors, such as biometrics

2-step verification

Knowledge factor passwords have a higher chance of violation due to its nature of staying static. But changing this password every now and then raises the likeability of forgetting it. Inherence factor protection needs hardware to read a fingerprint or eye iris, which is simply impractical solution in most cases. That is why possession factors come in handy. SMS password method helps to add an extensive amount of security by sending out a random, one-time password (OTP) over SMS. The exclusivity behind is that SMS is reachable only to the owner of the phone while the password is useless after first time usage, or it will expire after a certain time. This makes OTP as one of the simpliest yet safest security solutions. World biggest brands such as Google, Facebook, Snapchat use 2-step authentication in addition to its basic password request. In Messente we have exclusively concentrated on delivering business and time critical SMS message to many financial services and web applications. It sure is one of the most effective and safest ways to cut down chances of information violation.

In case you want to learn more about security capabilities of SMS, simply drop us a line at support@messente.com.

Read more about Application to Person Messaging on the Rise

November 18, 2014 by

Boost your Christmas promotion campaign

the word 'sale' using colorful cubes

Did you know that the number of online searches like “perfect christmas present“ or “dress for christmas party” start increasing in numbers right after Halloween?

As a matter of fact most large retailers already report increased sales starting from 5-6 weeks prior to Christmas Day.

It’s the end of November now and in case retail is your line of work then surely the Christmas period has started in your office. But the holiday season is not only busy for retailers. Service providers from almost all industries use this time of year to get new customers and increase sales.

Here’s a few tips how some of our customers do it.

An increasing number of companies use SMS in different creative ways as a part of their Christmas campaigns to engage with their customers. The main reasons for this are quite obvious.

a) There are no technical restrictions to reach someone (like customers having access to internet or having/not having an app installed)

b) It’s delivered (and also read) instantly which works extremely well in case of time critical messages.

All this makes SMS one of the best call to action channels as well as one of the most sensitive channels available.

This is what we learned form some of our customers who have mastered the use of SMS in their holiday campaigns.

1) Expect a lot of competition

Whether you are in retail or any other industry your Christmas promotions are competing for customer attention with thousands of online offers. That is much more than just your local competitors.

Simple discount offers might work during the low season but not when fighting for attention with campaigns powered by some of the most creative advertising agencies in the world.

2) Make it relevant and personal

Make your message relevant for every single customer your send it to in order to maximise conversion. Most companies we have talked to who use Messente always opt for sending a more relevant offer to fewer customers rather than sending out a generic one to more people.

Segment your customer pool into as many smaller groups you can based on as much data as possible. Design your message carefully based on each group’s profile.

3) Master the timing

SMS enables to time your messages very accurately because the time from sending it out to getting read is usually less than a few minutes.

Try out different sending times and figure out what works best for your business.

4) Create a conversation

Sending out promotional messages is just the starting point. Successful companies work hard to engage people in conversations once they hit the stores.

Because Christmas promotions offer a great opportunity to get excellent insight about what your customers like. Take the opportunity to update contact information, renew permissions to get in touch every now and then or have people download your app.

5) Measure and analyse

Every promotion campaign should be regarded as an experiment. Measure as much as you can, not just the bottom line sales figures. Dig in all kinds of data starting from SMS delivery statistics to conversion of each step of the whole process.

Hopefully keeping all this in mind helps you to fine tune your Christmas promotions and make the most of it regardless of the industry you are in.

——

Read more on features which make your Christmas campaigns more cost effective.

November 10, 2014 by

Certificate Update for API Server on 15. November 2014

Current api2.messente.com HTTPS certificate will expire on 15. November 2014. We already have new one ready and will update it on the same day @ 21:00 UTC (23:00 EET).

Affected server: api2.messente.com
Date of update: 15. November 2014 @ 21:00 UTC (23:00 EET)
New certificateapi2-messente-com.crt

If you are using https://api2.messente.com/ for making API queries (not just http://), you will need to make sure you do not cache the https certificate.

There are known issues with some Java implementations, where the certificate is cached in the keystore and needs to be manually updated. Check this forum thread on how to clear the Java certificate cache.

If you are using some other ready-made library like cURL (PHP, C++) or httplib (Python), you should be already fine. Just make sure to double-check everything on the next day :)

November 2, 2014 by

Application To Person (A2P) Messaging Market On The Rise

world-map-dotted-black copy 2

Traditional Person To Person (P2P) messaging saw a decline for the first time last year, conversely to quickly growing popularity of various Over The Top (OTT) messaging services like WhatsApp, Viber, iMessage etc. However that has not stopped mobile network operators from exploring new opportunities to revive their messaging branches and Application To Person (A2P) messaging is predicted to overtake P2P messaging revenues already by 2016 – 2017.

Opportunities in the A2P market highlight the beginning of a new and different era for SMS messaging. Recent years showed steadily growing interest towards A2P service, whilst the growth of the traffic was primarily driven by the increasing number of mobile phone users across globe. A2P market was estimated to have a continuous 16% year-on-year traffic growth in 2013, while estimating an annual growth of 6% for 2013 – 2017.

As of right now common A2P markets trends include seeking higher-quality coverage and accommodating growing demand for direct connectivity to mobile operators. At the same time mobile network operators focus more on optimising their revenues by making use of their existing partnerships and seizing control of the traffic on the network.

Three major trends that presently define A2P market for the operators are:
– consolidating A2P services;
– handling progressively more wholesale relationships;
– handling the increasing amount of business traffic that previously bypassed them or was handled by the international aggregators.

Essentially what we see is SMS messaging changing its channels and value, while capitalising on the ubiquity of A2P service, thus allowing companies reach any audiences and any handset at low cost.

In case you recognise potential of messaging for your business, but don’t know where to start, check out our Quickstart Tutorials and Helper Libraries at www.messente.com/docs or simply drop us a line at support@messente.com.

 

October 20, 2014 by

Security Notification – SSLv3 POODLE Vulnerability

3466647774_d1be3fd5ab_z

On 14th October the OpenSSL team reported that version 3 of Secure Sockets Layer (SSLv3) is vulnerable at protocol level – called POODLE attack (Padding Oracle On Downgraded Legacy Encryption).

As a security precaution Messente has disabled SSLv3 in our servers therefore Messente HTTP API is no more vulnerable to the POODLE exploit.

In most cases your Messente https:// API integration should already support secure TLS protocol and no action is needed for Messente HTTP API users.

You can also take a look at Scott Helme’s step-by-step guide on mitigating this vulnerability on multiple platforms, web servers and clients.

If you notice any issues with the API calls to Messente servers, please let us know at support@messente.com and we will help you with integration to new and secure TLS protocol.