Solutions
Journeys Account login & access Online payments & transactions Account creation & registration Zero Trust network access
Fraud (types & vectors) Account takeover Social engineering & scams Threats – malware & bots SIM swap & call divert Synthetic identity
Compliance PSD2 & SCA KYC & AML
Platform
Intelligence Intelligence Engine Behavior Device Telco Ensembling
Orchestration Orchestration Layer Dynamic Interventions
Authentication Authentication Suite Callsign One
Integration Integration

Request a demo

Find out today the difference that Callsign’s unique solution can make to your business.

Seeing is believing.

General enquiries, support and press

Enquire

By submitting this form, you agree to Callsign’s Privacy Policy

Success

Error

Thank you for your request

Success

In the meantime, connect with Callsign for insights on authentication and fraud prevention

Back to the website
Back to Knowledge & Insights

Industry Insight: guidance on SMS OTPs for Strong Customer Authentication

PSD2 & SCA

At the end January 2020 UK Finance issued their updated communication on Strong Customer Authentication (SCA). SCA is the requirement for customers to verify themselves when making online payments and the communication highlighted the importance of all parties being ready well in advance of the compliance deadline. There is also a focus on the use of SMS OTPs (the delivery of one-time passcodes by text message). It’s clear that whilst this is a short-term solution to achieving compliance, issuers must have a plan in place for alternative authentication methods.

Banks have become increasingly reliant on the use of SMS OTPs as a way of authenticating customers. It’s a reasonably easy solution to implement and it’s something that users have become familiar with and know how to use. However, there are a number of disadvantages.

Firstly, it’s not a great customer experience for online payments. There might be times when there isn’t a mobile phone signal, or the text message simply isn’t received. This prevents the user from completing the online transaction. This impact on customer experience has a negative effect on NPS scores and an increase in call center volumes. Understandably this is a big concern for issuers and merchants.

Secondly, it’s expensive for issuers who have to pay each time an SMS is sent.

Thirdly (and most importantly for the regulator), it’s a method that’s highly susceptible to fraud. Through mechanisms such as sim-swap, call divert and SS7 attacks fraudsters are able to intercept OTPs and gain access to customer data.

It’s for these reasons that the regulator is pushing for firms to find alternative methods for secure authentication.

Longer term, biometric and mobile app-based authentication can provide a much more seamless payment journey. However, it is important to remember that this won’t suit all parts of society and there will be people that need different options. It’s important that we don’t exclude vulnerable customers.

It’s not about a one-size-fits-all approach but about banks being able to adapt the customer journey to suit the user’s needs.

Solutions such as Callsign’s platform give banks this flexibility so they are able to meet the compliance deadline. Whilst at the same time enhancing customer experience, reducing costs, and reducing fraud.

Callsign's Rachel Bentley, Head of Strategic Analysis provides guidance on the use of SMS OTPs for strong customer authentication:

More Insights

A change in approach for fraud systems?
Account takeover: protecting your front door
The authentication paradox: to replace or not to…

Want to read more?

See a full list of our latest news and articles.

Go to Knowledge & Insights