One-time passwords (OTP) — those passcodes we get via text or email — seem ubiquitous. However, in the world of fraud prevention, customer authentication presents a tricky challenge. Consumers expect seamless digital experiences; those with little to no friction and the freedom to roam as they please. They also expect to be protected throughout their journeys — safe from the prying eyes of identity thieves and fraudsters relentless in their pursuits of obtaining consumer data. As fraudsters become even savvier, your organization is continually tasked with refining and reinforcing their authentication methods while also delivering on consumer expectations.
OTPs, which are sent to a consumer’s device of choice, are appealing because they’re simpler to use, more secure and accessible to all customers. However, as mobile fraud rises, OTPs have become a prime target. To help protect consumers and preserve revenue, trust and market share, you must fortify your security protocols.
OTPs are under threat and must be protected
To aid in that endeavor, TransUnion® commissioned Forrester Consulting to evaluate customer authentication fraud and one-time passcodes. In surveying 300 North American fraud prevention decision-makers, Forrester revealed the following key findings:
- 60% of surveyed organizations use OTP, with SMS/text message being the most popular (73%) form.
- OTPs sent to mobile phones are perceived to be secure since devices are likely always in users’ possession; however, mobile phone fraud is growing. Respondents using SMS OTP reported an average of almost 20 SMS OTP fraud incidents per year. And almost every respondent said they experienced some type of mobile fraud in the last year, including techniques like mobile malware, SS7 (Signaling System No. 7) hacking unauthorized phone port to another carrier, call forwarding and SIM card swap.
- 42% of step-up authentication solutions respondents reported difficulty in detecting and measuring OTP-related fraud. In fact, only one in three believed their organizations’ abilities to prevent OTP fraud were optimized, 63% didn’t expect the threat related to customer authentication to go away over the next few years, and 48% expected it to get worse.
Secure OTPs with better phone number risk detection
To combat OTP fraud, you need to proactively implement solutions that identify high-risk phone numbers before sending OTPs and detect scams in progress prior to sending an authentication request. Using decisioning data to predict improved channels for authentication, solutions need to be more secure but not overly disruptive to the customer experience.
One solution that complements the ease and convenience of OTP via SMS — and can be used as part of a proactive fraud prevention effort — is TruValidate™ Phone Takeover Risk. Imperceptible to the consumer, Phone Takeover Risk evaluates phone numbers in real time for signals like reassignment, call forwarding or SIM swap, and helps identify a call as high or low risk before sending an OTP. The use of constantly corroborated data to link to a phone owner provides increased confidence in protection. By incorporating this layer of intelligence into authentication workflows, you’re empowered to stay ahead of fraud — while delivering the friction-right experiences your customers demand.
