Fergal Parkinson
Published on: February 21, 2023
They were once expected to be a kind of smart bomb that would be a terminal blow to crooks.
But lately the fraudsters have found one or two cracks that can allow them to bypass the hitherto completely impenetrable security OTPs provided.
There’s certainly no need to panic – OTPs are still largely a robust means of protecting users from fraud during transactions. But there are now some known ways fraudsters can bypass them.
One of the newest scams, for example, allows fraudsters to get hold of OTPs without even having the victim’s phone or a replica of it. Instead, they’ll send an SMS that appears to come from their target’s bank asking if they just made a high value transaction – a £10,000 holiday booking, say. The horrified account holder will reply ‘no’. A new SMS will then ask them to verify this reply by sharing the OTP they are about to receive. At the same moment the hacker will attempt to log in to an account belonging to their victim. This will initiate a genuine OTP being sent by SMS to their phone – but worried about that holiday booking, the victim will enter it as instructed. In so doing, of course, they are actually sending that access code to a hacker.
At the other end of the scale, on a cruder but more frightening level, is this version. A friend of mine was mugged recently. They took his phone and threatened him with violence unless he revealed his PIN to unlock it. Once they had that they could get into all his apps and begin causing mayhem with his money. Long after the phone was reported stolen they were still getting sent OTPs to facilitate their theft – because there was no correlation between the phone’s status as stolen and its ability to perform transactions.
There are multiple variations on these scams but you get the broader point – OTPs do have some vulnerabilities that can allow them to be bypassed by criminals.
This is a fast, frictionless and, crucially, entirely secure way of verifying users that is soon to be a very big deal in online security. For use at the point of onboarding and/or subsequent purchases, silent authentication gets rid of the vulnerabilities that OTPs have developed.
And the reason is that it’s based solely on the real time data around the user’s mobile phone.
We’ve been evangelical for years about how the key to online security is to use telecom data as it can tell us more about the user than any other insight. And that’s exactly what silent authentication does. So, it’s really gratifying to see it finally being adopted as the cutting-edge security weapon we always knew it could be.
And I hope it goes without saying, but we’ll of course be at the forefront of introducing silent authentication to mainstream use.
Our own version of silent authentication is called TMT Authenticate and brings data from over 50 telecom network operators globally into play. This means it offers genuine worldwide security protection to a standard never attained before.
It takes away that longstanding antagonism of having to choose between cutting edge fraud controls and a frictionless user experience: suddenly you can have both.
The ultimate winner here is the customer: because they never wanted to have to make the invidious choice between a fast, seamless online experience and feeling safe and protected either.
Now they won’t have to.
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
