Let’s use banks as an example, but it applies to other services too. Why do banks rely on emails and SMS to communicate login alerts, password changes, transaction confirmations and even promotional alerts?<p>It is sooo prone to phishing attacks! HTTPS helped us confirm the website we visit is legit along with being confident the data transmission is encrypted. Everyone managed to fall in line adopting this standard and relying on a certificate authority sitting in the middle.<p>Taking this one step further, why have banks not tried to create a secure messaging service where there is a certificate issued and associated with your website to validate authenticity?<p>Furthermore, the messaging service could be opt-in only, have more accurate labelling of incoming messages, etc.<p>So my question is: why does such a messaging standard/service not exist? Has anyone tried but failed?
Because it would be fragmented and have 1000 incompatible implementations if it ever got that far.<p>Large institutions would prefer something they control 100%; email and SMS are only used because they became ubiquitous first.<p>But some companies use their apps as a secure alternative.
Another benefit that comes to mind is the cost saving of not having to send SMSes. In some regions SMSes go up to $0.25/SMS via services like Twilio/local variations.