One-time passwords (OTP), those passcodes we get via text or email, seem ubiquitous. However, in the world of fraud prevention, customer authentication presents a tricky challenge. Consumers expect seamless digital experiences: those with little to no friction and the freedom to roam as they please. They also expect to be protected throughout their journeys — safe from the prying eyes of identity thieves and fraudsters relentless in their pursuits of obtaining consumer data. As fraudsters become even savvier, organizations are continually challenged to refine and reinforce their authentication methods while also delivering on consumer expectations.
OTPs, which are sent to a consumer’s device of choice, are appealing because they are simpler to use, more secure and accessible to all customers. With the growth of mobile fraud however, OTP is a big, flashing target, and organizations need to increase security protocols to help ensure consumer safety — or risk losing revenue, customer trust and market share.
To help organizations figure out how to better protect themselves and their customers, Neustar®, a TransUnion® company, commissioned Forrester Consulting to evaluate customer authentication fraud and one-time passcodes. In surveying 300 North American fraud prevention decision-makers, Forrester revealed the following key findings:
To prevent OTP fraud, organizations must be proactive and implement solutions that help them identify high-risk phone numbers before sending the OTP and detect scams in progress before sending an authentication request. Using decisioning data to predict improved channels for authentication, solutions need to be more secure but not overly disruptive to the customer experience
One solution that complements the ease and convenience of OTP via SMS, and can be used as part of a proactive fraud prevention effort is TruValidate™ Phone Takeover Risk. Imperceptible to the consumer, Phone Takeover Risk evaluates phone numbers in real time for signals like reassignment, call forwarding or SIM swap, and helps identify a call as high or low risk before sending an OTP. The use of constantly corroborated data to link to a phone owner provides increased confidence in protection.