New Delhi: The Reserve Bank of India (RBI) has issued directives to regulated entities, including banks urging them to explore alternative methods for second-factor authentication and moving away from reliance on SMS-based one-time passwords. While there are alternative methods available, they all require the use of a mobile phone for authentication.
SMS-based OTPs Vulnerable to Scams
Banking industry experts have raised concerns about the vulnerability of SMS-based one-time passwords (OTPs) to “social engineering” scams which involve tactics like tricking customers into revealing their passwords or conducting SIM swaps. (Also Read: Google Pixel Phones May Get New Adaptive Touch Feature Based On Environment)
In response, the adoption of authenticator apps requiring users to obtain passwords from separate mobile applications has emerged as a favored alternative to OTPs. Service providers have introduced alternative solutions like tokens embedded within mobile applications. However, despite these advancements reliance on mobile phones remains integral to the authentication process. (Also Read: Google One Hits 100 Mn Subscribers After YouTube Music And YouTube Premium)
Route Mobile Sends 4 Billion OTPs Monthly
According to a report by The Times of India, Route Mobile, a leading provider of communication platform services reveals that it sends approximately four billion one-time passwords (OTPs) each month on behalf of various service providers. Rajdipkumar Gupta, the Managing Director and CEO of Route Mobile highlighted concerns over the surge in digital adoption leading to increased potential for digital frauds.
Gupta emphasized the need for attention to rising fraud rates particularly in emerging markets experiencing rapid growth. In response to these challenges, Route Mobile has launched the TruSense division under Route Mobile UK aimed at combating identity theft and enhancing security measures.
OTP-less authentication system
TruSense, the latest initiative from Route Mobile has unveiled a novel OTP-less authentication system. This innovative approach enables service providers to establish a direct data connection with users’ devices, facilitating identification and token exchange without the need for users to input OTPs.
David Vigar, the Executive Vice President responsible for digital identity, cautioned against relying solely on biometrics for authentication. He emphasized that advancements in artificial intelligence pose a significant risk, as deepfake technology could potentially bypass facial recognition systems.
RBI Proposes AePS Onboarding Streamlining
The Reserve Bank of India (RBI) has put forth proposals aimed at streamlining the onboarding procedures for Aadhaar-enabled Payment System (AePS) touchpoint operators, with directives to be implemented by banks. The RBI is contemplating the implementation of additional measures for fraud risk management in the AePS framework.