If it's not a physical token it is subject to MITM attacks. And then have all 4 carriers using the same AUTH system? Really? Some ISSO's aren't doing their job. 4 different sources should all be saying the same thing: "If one domino falls, they all go."