MUMBAI: RBI has asked regulated entities like banks to look at alternatives to SMS-based one-time passwords for second-factor authentication. While there are alternatives, a mobile phone is central to all of them.
Bankers say that OTPs are susceptible to ‘social engineering’ frauds where one manages to get the customer to divulge the password or obtains the same through a SIM swap.
The most common alternative to OTP is an authenticator app that requires the user to obtain a password from another application on the phone. Service providers have developed other options as well like tokens within the mobile app. While this establishes the provenance of the message, it still needs a phone.
Route Mobile, which provides a communication platform as a service, sends nearly four billion OTPs every month on behalf of various service providers. “The increase in digital adoption also increases the potential for digital frauds. We are seeing a gap between the emerging markets, which are seeing high growth without any discussion on the rising frauds,” Rajdipkumar Gupta, MD & CEO of Route Mobile. He said the rising frauds have prompted the company to launch TruSense division under Route Mobile UK to thwart identity theft.
TruSense has introduced OTP-less authentication, where the service provider will have a direct data connection with the user’s device, identify the number, and exchange a token with the device without the user having to enter an OTP. According to David Vigar, executive VP in charge of digital identity, biometrics are not a good standalone authentication option as developments in AI have brought in a new risk of deepfakes bypassing facial recognition.
“For the Indian market, the mobile phone is the best identifier as the customer must verify their identity before obtaining a connection. Emails are not as good as it is easy to generate fake email identity. Also, anyone can generate an email without KYC,” said Vigar.
Bankers say that OTPs are susceptible to ‘social engineering’ frauds where one manages to get the customer to divulge the password or obtains the same through a SIM swap.
The most common alternative to OTP is an authenticator app that requires the user to obtain a password from another application on the phone. Service providers have developed other options as well like tokens within the mobile app. While this establishes the provenance of the message, it still needs a phone.
Route Mobile, which provides a communication platform as a service, sends nearly four billion OTPs every month on behalf of various service providers. “The increase in digital adoption also increases the potential for digital frauds. We are seeing a gap between the emerging markets, which are seeing high growth without any discussion on the rising frauds,” Rajdipkumar Gupta, MD & CEO of Route Mobile. He said the rising frauds have prompted the company to launch TruSense division under Route Mobile UK to thwart identity theft.
TruSense has introduced OTP-less authentication, where the service provider will have a direct data connection with the user’s device, identify the number, and exchange a token with the device without the user having to enter an OTP. According to David Vigar, executive VP in charge of digital identity, biometrics are not a good standalone authentication option as developments in AI have brought in a new risk of deepfakes bypassing facial recognition.
“For the Indian market, the mobile phone is the best identifier as the customer must verify their identity before obtaining a connection. Emails are not as good as it is easy to generate fake email identity. Also, anyone can generate an email without KYC,” said Vigar.