Thursday, February 22, 2024

Ads by Google

Ads by Google

Nigeria: Lion kills zookeeper at Obafemi Awolowo University

Feb 21, 2024, 11:42PM ISTSource: TOI.inA zoo keeper was attacked and killed by a lion at the Obafemi Awolowo University in Nigeria. The zoo...
HomeBusinessDrop OTP? You'll still need phone

Drop OTP? You’ll still need phone

MUMBAI: RBI has asked regulated entities like banks to look at alternatives to SMS-based one-time passwords for second-factor


. While there are alternatives, a mobile


is central to all of them.
Bankers say that OTPs are susceptible to ‘social engineering’


where one manages to get the customer to divulge the password or obtains the same through a SIM swap.

The most common




is an authenticator app that requires the user to obtain a password from another application on the phone. Service providers have developed other options as well like tokens within the mobile app. While this establishes the provenance of the message, it still needs a phone.
Route Mobile, which provides a communication platform as a service, sends nearly four billion OTPs every month on behalf of various service providers. “The increase in digital adoption also increases the potential for digital frauds. We are seeing a gap between the emerging markets, which are seeing high growth without any discussion on the rising frauds,” Rajdipkumar Gupta, MD & CEO of Route Mobile. He said the rising frauds have prompted the company to launch TruSense division under Route Mobile UK to thwart identity theft.

TruSense has introduced OTP-less authentication, where the service provider will have a direct data connection with the user’s device, identify the number, and exchange a token with the device without the user having to enter an OTP. According to David Vigar, executive VP in charge of digital identity, biometrics are not a good standalone authentication option as developments in AI have brought in a new risk of deepfakes bypassing facial recognition.
“For the Indian market, the mobile phone is the best identifier as the customer must verify their identity before obtaining a connection. Emails are not as good as it is easy to generate fake email identity. Also, anyone can generate an email without KYC,” said Vigar.

Stay Informed: Subscribe to Our Latest News Updates Be the First to Know! Subscribe to Our Latest News Notifications for Up-to-Date Information, Exciting Announcements, and Exclusive Content. Stay Ahead of the Curve, Sign up Today! No Yes