Skip to main content

Improve Your Customer Authentication Strategy With More Secure One-Time Passwords

Customer using a one time passcode on a mobile phone

One-time passwords (OTP), those passcodes we get via text or email, seem ubiquitous. However, in the world of fraud prevention, customer authentication presents a tricky challenge. Consumers expect seamless digital experiences: those with little to no friction and the freedom to roam as they please. They also expect to be protected throughout their journeys — safe from the prying eyes of identity thieves and fraudsters relentless in their pursuits of obtaining consumer data. As fraudsters become even savvier, organizations are continually challenged to refine and reinforce their authentication methods while also delivering on consumer expectations.

OTPs, which are sent to a consumer’s device of choice, are appealing because they are simpler to use, more secure and accessible to all customers. With the growth of mobile fraud however, OTP is a big, flashing target, and organizations need to increase security protocols to help ensure consumer safety — or risk losing revenue, customer trust and market share.

To help organizations figure out how to better protect themselves and their customers, Neustar®, a TransUnion® company, commissioned Forrester Consulting to evaluate customer authentication fraud and one-time passcodes. In surveying 300 North American fraud prevention decision-makers, Forrester revealed the following key findings:

  • 60% of surveyed organizations use OTP, with SMS/text message being the most popular (73%) form.
  • OTPs sent to mobile phones are perceived to be secure since devices are likely always in users’ possession; however, mobile phone fraud is on the rise. Respondents using SMS OTP reported an average of almost 20 SMS OTP fraud incidents per year. And almost every respondent said they had experienced some type of mobile fraud in the last year, including such techniques as mobile malware, SS7 (Signaling System No. 7) hacking, unauthorized phone port to another carrier, call forwarding and SIM card swap.
  • 42% of step-up-authentication-solutions respondents said it’s hard to know and measure when OTP fraud has occurred. In fact, only one in three believed they say their organizations’ ability to prevent OTP fraud is optimized today; and 63% didn’t expect the threat related to customer authentication to go away over the next few years — 48% expected it to get worse.

To prevent OTP fraud, organizations must be proactive and implement solutions that help them identify high-risk phone numbers before sending the OTP and detect scams in progress before sending an authentication request. Using decisioning data to predict improved channels for authentication, solutions need to be more secure but not overly disruptive to the customer experience

One solution that complements the ease and convenience of OTP via SMS, and can be used as part of a proactive fraud prevention effort is TruValidate™ Phone Takeover Risk. Imperceptible to the consumer, Phone Takeover Risk evaluates phone numbers in real time for signals like reassignment, call forwarding or SIM swap, and helps identify a call as high or low risk before sending an OTP. The use of constantly corroborated data to link to a phone owner provides increased confidence in protection.

For additional insights and recommendations for improving authentication strategies with one-time passcodes, read the study or view the infographic

Do you have questions? Our team is ready to help.