One-time passwords (OTP) remain one of the most widely used forms of two-factor authentication, despite their well-documented vulnerabilities. Earlier this year, a major UK bank was hit by an attack in which fraudsters diverted text messages from legitimate customers’ phones in order to bypass two-factor authentication and access accounts.
While this attack worked through a hole in telco network protocols, more common ways to bypass OTP-based security include porting a mobile number to a new SIM card through social engineering at the network operator, adding a new phone number to a bank account by impersonation on a call to the bank, mobile malware, and a host of man-in-the-middle attacks.
Besides the fraud, users find OTPs extremely cumbersome, seriously hindering banks’ efforts to craft exceptional user experiences on the mobile and online channels. Yet customer experience is the most important differentiator for attracting new users and improving customer loyalty.
Convenience, simplicity and speed are the new standard. So where does that leave OTPs and what are the alternatives?
Join Karen Webster, Managing Editor of PYMNTS.com, as she talks to Sherif Samy, SVP North America at Entersekt, and Uri Rivner, Chief Cyber Officer of BioCatch, about the real cost of OTPs, in fraud and user friction. We will also explore winning mobile alternatives to OTPs, like behavioral biometrics coupled with advanced mobile app security.