- Banks no longer consider ATM PINs and OTPs a secure option, given that hackers can get to them easily.
- PINs are also exposed to phishing attacks on unsuspecting victims.
- Banks are increasingly turning to smartphones and banking apps to authenticate users.
Every time you make a bank transaction, you get an OTP on your mobile phone and have to enter it to complete the transaction. In the case of ATMs and debit cards, you must remember and enter the right PIN to use your money. In many ways, we have grown up using PINs and OTPs for banking transactions, despite all the inconveniences and frustrations that come with them.
But should it continue when there are other options? Should banks move away from it? Let’s explore.
Are OTPs a secure option?
Banks no longer consider ATM PINs and OTPs a secure option, given that hackers can get to them easily. Advancements in technology, including the availability of computers with high processing speed and sophisticated tools, make it easy to break into secure networks and databases.
Take, for example, an incident that happened at a prominent UK bank in the early part of 2019. Hackers worked through a vulnerability in the telco provider to divert text messages so that they could override the two-factor authentication. Though the exact loss from this fraud is not known, there is no doubt that such cyberattacks are becoming relatively common with OTPs.
Further, these PINs are also exposed to phishing attacks on unsuspecting victims. In fact, fraudsters posing as telecallers ask individuals for the OTP to verify an identity or transaction, sanction a loan, refinance an EMI, and more. When unsuspecting people give out their OTPs or PINs, it is a field day for the fraudsters, as they have unfettered access to bank accounts.
By the time the fraud is realized and reported, it is too late, and the financial loss impacts both the customer and the bank.
Expensive and Inconvenient
Besides security issues, it gets increasingly hard for customers to remember PINs, especially if they have accounts in more than one bank.
For these reasons, many banks have already started moving away from OTPs: they are a hassle to implement because they involve third-party providers. They are also no longer deemed a secure option, not to mention the additional costs that come with using the services of third-party providers for verification.
According to Tony Chew, Citibank’s global head of cybersecurity regulatory strategy, most banks today lack creativity and imagination when it comes to providing security. And he is not far away from the truth either.
Over the last few years, banks have strived to provide only the most basic functions and have rarely gone beyond them. But all that is likely to change, given some of the many breakthroughs that have been taking place in the world of authentication and security.
Banks are increasingly turning to smartphones and banking apps to authenticate users, as this is a far more secure option than OTPs: many smartphones today use fingerprints and facial recognition to authenticate users.
The emergence of technologies such as Intel’s 3D RealSense camera makes it easy to implement facial recognition and other biometrics on smartphones, and also offers better security than OTPs.
Still, these biometrics are not foolproof, simply because they can be hacked by advanced algorithms. More importantly, they are a hassle for users and may not be as accurate as claimed by the manufacturers.
For these reasons, biometrics are undoubtedly a better option than OTPs, but not exactly the most secure option by themselves, unless used in combination with another technology.
An emerging alternative to the use of OTPs and PINs is Secure Authentication Without OTP (SAWO). This tool was born out of an innate need to have a secure authentication method that is also swift and inexpensive. In other words, it addresses all the shortcomings of PINs and OTPs.
The best part is that SAWO does not store any password and is encrypted end-to-end, thereby making it a secure alternative to OTPs. This way, fraudsters cannot divert messages or hack into systems to steal passwords.
From a usability standpoint too, SAWO is simple to use. All that users have to do is enter the email ID or phone number associated with the account; SAWO then triggers the phone lock of the trusted device as a kind of biometric check and authenticates the device. So, no more remembering numbers or passwords for users.
It is also swift, as it takes about 0.06 seconds to authenticate a user. More importantly, no third parties are involved, so there are no delays either.
Thus, a combination of security and convenience makes SAWO a great alternative to the existing OTP and PIN system of authentication. As more banks embrace innovation, products like SAWO are sure to enhance user experience and security, as they present a win-win situation for both banks and customers.