Eliminate OTP? You’ll need a phone nevertheless
MUMBAI: The RBI has requested that regulated organizations, like as banks, consider second-factor authentication options other than SMS-based one-time passwords. Although there are other options, they are all centered on a mobile phone.
According to bankers, “social engineering” scams that include tricking a consumer into disclosing their password or getting it via a SIM swap may also use OTPs.
An authenticator app that needs the user to get a password from another phone app is the most popular substitute for OTP. In addition, service providers have created alternative possibilities, such as tokens within the mobile application. This proves where the communication originated, but a phone is still required.
Every month, Route Mobile, a company that offers communication platforms as a service, distributes around four billion OTPs on behalf of different service providers. “Digital scams are becoming more likely as a result of the growing use of digital technology. There is a discrepancy between developing countries, where development is rapid, and developed markets where fraud rates are on the rise. Route Mobile’s MD and CEO is Rajdipkumar Gupta. He stated that in order to combat identity theft, the business launched the TruSense subsidiary under Route Mobile UK in response to the increased number of thefts.
OTP-less authentication is a feature of TruSense that eliminates the need for the user to input an OTP by allowing the service provider to establish a direct data connection with the user’s device, recognize the number, and exchange a token with it. The executive vice president in charge of digital identity, David Vigar, claims that although advances in AI have increased the possibility of deepfakes circumventing face recognition, biometrics are not a suitable stand-alone authentication solution.
“The cell phone serves as the ideal identification for the Indian market since it requires the user to authenticate themselves before granting access. The ease with which a false email identity may be created makes emails less useful. Additionally, without KYC, anybody may create an email,” said Vigar.
