Why should banks wave goodbye to authentication via SMS-OTP?
Authentication via SMS-OTP is considered outdated because of higher overall costs, low user convenience, and insufficient regulatory compliance in specific geographic regions, but primarily for practical security reasons.
Banks and financial institutions should phase out this method and replace it with more secure user authentication, such as via mobile apps or hardware tokens.
2. We help the leading banks and fintech companies to secure their digital systems and bring trust to customer journeys.
Founded: 2014
References: 550+
Continents: 5
4. Tragically Insecure
Phishing
Since the codes must be retyped into the relevant application, they are susceptible to phishing.
SIM Swapping
Due to insufficient KYC processes at telcos, the wrong person may obtain the SIM card.
Android Malware
Standard features of the Android OS allow reading SMS messages or screen contents (accessibility).
Telco Infrastructure
The SMS infrastructure is antique, and therefore messages may travel or be stored unencrypted.
5. And More Issues…
Way Too Costly
The more your users use your systems, the more you pay for SMS delivery.
Hard to Read
Since the text in an SMS message is not formatted, it is not easy to review the operation.
Hard to Use
Since the code from the SMS has to be retyped, there is additional friction in the user experience.
Low Compliance
Regulatory frameworks such as PSD2 suggest a shift away from SMS codes.