The SMS one-time password (OTP) that was once considered the gold standard in the world of mobile security, is facing increasing scrutiny as the world slowly started moving away from it.
The tech giants like Apple and Google have released passkeys in an effort to remove passwords and SMS OTPs, while countries around the world like Malaysia have started banning financial institutions like banks from using SMS OTPs.
Since the SMS OTP is a huge source of revenue from mobile network operators, as well as big factor in them being one of the main players in the identity space, we have to wonder how this scrutiny will affect their business and position in the space.
What can they do to ensure they remain key players in mobile identity? We’ll find out in this blog post!
Let’s start by exploring the challenges of SMS OTPs, why major players like Apple and Google are moving away from them, and how mobile network operators (MNOs) can stay at the forefront of mobile identity.
What Are SMS OTPs and Why Are They on the Way Out?
You register an account or you log into an account, and you need to verify your identity. This is usually where SMS OTPs come in.
You type in your phone number, and an SMS containing a unique code aka the one-time password is sent to your phone. You then enter that OTP to verify your identity.
SMS OTPs have long been a popular method for two-factor authentication. However, for a while now, it’s been known that SMS OTPs carry significant security risks.
Back in 2017, the National Institute of Standards and Technology of the US Department of Commerce said SMS for 2FA was a deprecated solution for a few reasons:
– Phishing Susceptibility: Phishing scams can trick users into revealing their OTPs, compromising account security.
Did you know that phishing is the single most common form of cybercrime? Moreover, 94% of organizations were victims of phishing attacks at some point.
– SIM Swap Vulnerability: Malicious actors can exploit vulnerabilities in mobile network security to gain control of a user’s phone number, allowing them to intercept OTPs and potentially gain access to accounts.
SIM swapping has a huge success rate at 80% and it currently shows no signs of slowing down.
– SS7 Design Flaw: This flaw has existed since the inception of the SMS technology, and it allows cybercriminals to intercept or reroute SMS messages that contain one-time passwords.
– Poor User Experience: Waiting for and entering codes can be cumbersome and interrupt the login flow. And at times, the code never actually reaches your phone thus blocking a user’s experience.
With all that in mind, it’s no wonder we’re seeing the world turn to passwordless, phishing-resistant authentication methods: a trend strongly pushed by Apple and Google.
However, this presents a challenge for mobile network operators who get a big chunk of their revenue from SMS OTP traffic as well as the position of a kind of “manager” of users’ mobile identities.
In 2023, 1.3 trillion SMS OTP messages were sent. And that’s only the revenue, without counting the potential losses they would face if they failed to remain the key players in the space.
Traditionally, they’ve played a crucial role in verifying user identities through phone numbers. As OTPs fade, MNOs risk losing their position in the mobile identity landscape.
How MNOs Can Keep Their Key Player Role in Mobile Identity
Mobile network operators should work on future-proofing their role in the mobile identity and authentication space. This would best be done if they were to implement modern authentication solutions that still rely on their network infrastructure, such as IPification.
IPification offers a powerful alternative to SMS OTPs. It leverages a user’s mobile network connection to verify their identity without requiring any additional codes or steps. This makes it both secure and incredibly user-friendly.
More specifically, IPification utilizes various signals from a user’s mobile network connection, such as device information, and network data, to create a unique digital fingerprint. This fingerprint is then used to verify the user’s identity without compromising their privacy.
It’s bank-grade security — but not without the seamless user experience. To verify their identities, the users only need to enter their phone numbers and click once, after which they’re verified within milliseconds.
These solutions are trusted within the industry, with IPification even recently becoming an official channel partner for the GSMA Open Gateway platform, making it increasingly easy for operators to onboard these solutions.
Imagine a world where developers can easily tap into the vast potential of mobile networks. That’s the vision behind GSMA Open Gateway. It’s a game-changer for the telecom industry, acting as a single access point for developers seeking a wide range of network functionalities through standardized APIs, including anti-fraud solutions, mobile connectivity, cloud and edge solutions, payment, and carrier billing.
At IPification, we firmly believe that Mobile Network Operators (MNOs) are ideally positioned to be the leaders in mobile identity. Their existing infrastructure – one of the most powerful and comprehensive in the world – offers a unique foundation for secure and reliable authentication solutions.
This is precisely why IPification has been designed to seamlessly integrate with MNO networks. By leveraging their established infrastructure, IPification empowers MNOs to offer robust authentication solutions that go beyond SMS OTPs. This not only strengthens the overall security landscape but also allows MNOs to maintain their position of trust as the cornerstones of mobile identity.
Through GSMA Open Gateway and the CAMARA Project, mobile network operators only have to implement the IPification GMID Platform to get access to the complete set of IPIfication solutions which they can then offer to mobile app developers.
By embracing IPification (and other similar solutions), MNOs can ensure they remain at the forefront of secure and convenient mobile authentication.
We’d love to talk to you about it and analyze your current setup to see if IPification is right for you. Contact us to schedule a free consultation.
