Life after SMS OTP: what will be the next big thing in transaction security?

Clara Chennells | 30 May 2018

Remember VHS? The Sony Walkman? What about the dot matrix printer? These are things that were considered state-of-the-art in the 1980s – but are now only a fond memory. No-one in their right mind would, for example, release a new film only on VHS today. And yet incredibly, the SMS OTP, first conceived in the early 1980s, is still what secures online banking channels at most of the world’s financial institutions today.

We’ve moved on since the Walkman. We live in an age where our watches measure our sleeping patterns; our refrigerators order food for us; and apps tell us when we’re spending too much money. So why is it that OTP technology still factors in banks’ security plans when, in reality, it’s a relic that’s been obsolete for more than a decade?

In an industry as traditional and heavily regulated as banking, there is great hesitancy when it comes to straying from the known. And it’s true, banks do have a lot to fear. Implementing a new security method is a huge investment with no guaranteed returns. The new technology may cause trouble as the bank attempts to integrate it with its legacy systems. Customer adoption may be poor if the new technology is too complex. But the reality is that banks can no longer afford to remain stuck in the status quo.

The world is moving on, and banks should too: new regulations like PSD2 in Europe are demanding change, but so are customers. Competition is fiercer than ever, with challenger payment companies and digital-only banks threatening to step in where financial institutions fail. Yes, security by SMS OTP is much better than passwords, but its user experience leaves much to be desired, and its security is far from impenetrable.

The rapid development of technology has been accompanied by an equally rapid – and often more determined – evolution of new kinds of digital crime. SMS OTP, once thought to be the pinnacle of security, has also been proven to be vulnerable to hackers with the right motivation and resources. It’s lost its shining reputation to the new kid on the block, which offers what OTPs never can: the combination of security and a smooth user experience.

Push authentication doesn’t require the digital banking user to switch between apps, copy or remember numbers, or wait for a message to come through. With push authentication, communication between the bank and the user occurs over an isolated, encrypted channel that is not susceptible to the same attacks as passwords or SMS OTPs.

Furthermore, next to no input is required from the user – a single tap completes each simple, intuitive authentication event. With this kind of convenience, it’s not surprising that analyst firm Gartner expects push technology to dominate the authentication market in only two years’ time.

About the author

Clara Chennells


Copywriter
