If SMS is not encrypted, why do companies send 2FA over text instead of email or something else?


Couldn’t someone intercept the text and get into my account?


26 Answers

Anonymous

Your statement “SMS is not encrypted” isn’t actually true. SMS is *mostly* encrypted. However… the message is encrypted in “hops”. The intermediate agents (Telecommunications Operators) decrypt the message, then re-encrypt it again when they pass it on.

The message between one mobile phone and another goes in four steps.

a) The message IS encrypted when it leaves your phone and travels as a radio wave to your telecommunications operator Telco A.

b) Telco A decrypts the message when it arrives at their internal computer which handles messages — the SMSC (Short Message Service Centre).

c) Telco A passes the message unencrypted over a private channel to the telecommunications operator Telco B which is the telco for the recipient.

d) Telco B passes the message encrypted over the radio waves.

In the case where the sender is a bank, then step (a) and (b) become…

(a/b) The bank sends the message to their telecommunications service provider Telco A over a channel which typically is encrypted via SSL.
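A small model of the hop-by-hop path described in the answer above, as an added example that is not part of the original answer. It carries a constructed sample 2FA message along the path and reports which nodes hold the plaintext and which links carry it in the clear; the toy cipher, the node labels and the function names are assumptions made for illustration, not the real cellular or SSL ciphers.

```python
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the real link ciphers."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Hops from the answer: (sender, receiver, link, is the link encrypted?)
PHONE_PATH = [
    ("phone A", "Telco A SMSC", "radio", True),
    ("Telco A SMSC", "Telco B", "private inter-telco channel", False),
    ("Telco B", "phone B", "radio", True),
]
# Bank variant: steps (a) and (b) become one SSL-protected hop to Telco A.
BANK_PATH = [("bank", "Telco A SMSC", "SSL channel", True)] + PHONE_PATH[1:]

def deliver(path, message: bytes):
    """Carry message along path; return (delivered, on_wire, saw_plaintext).

    on_wire: bytes a passive observer would capture on each link.
    saw_plaintext: every node that held the cleartext message.
    """
    on_wire, saw_plaintext = {}, [path[0][0]]
    plaintext = message
    for src, dst, link, encrypted in path:
        if encrypted:
            key = secrets.token_bytes(16)         # shared only by the two ends of this hop
            wire = keystream_xor(key, plaintext)
            plaintext = keystream_xor(key, wire)  # the receiving end decrypts
        else:
            wire = plaintext                      # sent as-is
        on_wire[f"{src} -> {dst} ({link})"] = wire
        saw_plaintext.append(dst)
    return plaintext, on_wire, saw_plaintext

def exposed_links(path, message: bytes):
    """Links on which the message crosses in the clear."""
    _, on_wire, _ = deliver(path, message)
    return [link for link, wire in on_wire.items() if wire == message]

if __name__ == "__main__":
    otp = b"Your code is 493021"  # constructed sample message
    for name, path in (("phone-to-phone", PHONE_PATH), ("bank-to-phone", BANK_PATH)):
        _, _, nodes = deliver(path, otp)
        print(name, "| plaintext held by:", nodes, "| cleartext links:", exposed_links(path, otp))
```

In both variants every node on the path holds the plaintext at some point, which is the practical meaning of "encrypted in hops": the radio and SSL links protect the message in transit, but each operator in between can read it.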
