OTP will no longer be required for online transactions, new method is coming!
pc: navbharattimes
Whenever you make an online transaction, you receive an OTP (One-Time Password) via SMS for verification. This OTP verification ensures that the online payment is not tampered with and protects you from any fraudulent activities. Now RBI is planning to bring an even further safety method. RBI is working on authentication framework. RBI has asked banks to consider SMS-based one-time passwords as an additional security option. But whatever the alternative, the utility of mobile phones will remain.
The most common alternative to OTP is an authenticator app, where users need to receive a password from another application on their mobile phone. Service providers have developed other alternatives such as token-based systems in mobile apps. But all these processes require a phone.
How successful will the Authenticator app be?
Rajdeepkumar Gupta, CEO of Root Mobile, says that his company sends about 400 crore OTPs (one-time passwords) every month through various service providers. However, with the advancement of digital systems, concerns about fraud are also increasing. He mentioned that the growing threats of fraud have prompted the company to launch the TrustSense division. TrustSense has introduced OTP-less authentication, where the service provider establishes a direct data connection with the user's device, identifies the user through their mobile number, and facilitates the exchange of tokens without entering the OTP. Does.
But, there is also a new risk of deep fakes
David Wigger, executive VP of digital identity, argues that biometrics alone are not the only and best authentication option due to the emergence of deepfake technology, which weakens facial recognition. According to Vigar, for the Indian market, mobile phones emerge as the most effective identifier as customers need to verify their identity before establishing a connection. Email is not as secure an option, as it is relatively easy to create a fake email identity. Additionally, anyone can generate the email without any KYC (Know Your Customer) process.