Verify

Verify and validate customers globally using their phone number.
Velocity

Discover the network provider for every mobile number globally.
Authenticate

Protect customers, accounts, and transactions within your app.
Live

Discover if a mobile number is assigned to a subscriber.
Score

A real time phone number credibility score.
TeleShield™

Identify if a number has the propensity to be used for fraud.
Banks and Financial Services
E-Commerce
Insurance
Mobile Messaging
Gaming & Gambling
Communication and Service Providers
Identity & Verification Providers
eBooks
News
Developers
FAQ
About us
Events
Careers
Contact us
Articles

OTPs vs Authenticators

Zoe Barber

5 min read
A promotional graphic for an article about OTPs vs authenticators by Zoe Barber.

What are OTPs and Authenticators?

Over the last five years, a myriad of identity verification solutions have taken the stage, with OTPs and authenticators being the two most notable. But what are they? With fraud accounting for nearly 40% of all crime in England and Wales, businesses are finding themselves exploring modern solutions in attempts to reduce financial and reputational damage. For smaller enterprises, securing the registration and account usage processes is focal. However, larger enterprises that host high-value transactions face greater security requirements. Businesses of every size have turned to OTPs and Authenticators to protect their customers.

 “A one-time password (OTP), also known as a one-time PIN, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device.”

Definition of OTP from Wikipedia

“An authenticator app is usually installed on a smartphone and generates a 6-8 digit code every 30 seconds. The code can be used for signing in, trading, depositing, or withdrawing   funds from an account.”

Definition of Authenticator from Kraken

An OTP is most commonly an SMS message sent to the mobile number given during the signup process, which when submitted to a web form will give the user access. Authenticator apps and SMS OTPs are both forms of 2FA (Two Factor Authentication) – along with email codes and phone calls – both of which decrease the likelihood of fraud and signal that you take fraud seriously, but how do you know which one is right for your business?

What are the benefits of OTPs?

  • An industry norm, which means customers are already comfortable with how they work. Familiarity with a system can reduce the likelihood that customers will become frustrated – therefore less abandonment in the middle of signing in or purchasing.
  • There is limited friction with SMS OTPs – no smartphone requirement or app store account necessary.
  • OTPs can alert customers to a potential Account Takeover in real-time, giving customers a heads up that it is time to quickly change their passwords or contact a bank.

What are the downsides of OTPs?

  • SMS OTPs are vulnerable to SIM-Swap attacks. This is where fraudsters convince a SIM provider to move SIM information into a new SIM in their possession, leading to the fraudster receiving all texts and calls.
  • Though SMS OTPs are recognisable, they still provide friction. Certain authenticators provide a faster verification process – which in turn feels better for the customer.
  • SMS OTPs also require mobile coverage – for those living in the countryside, or any building with thick enough walls, this could be a familiar pain point.
  • SMS OTPs are vulnerable to key-logging malware.

What are the benefits of Authenticators?

  • Authenticators are attached to the app on the device itself, so unless your mobile is stolen, it is unlikely to fall prey to a SIM-Swap attack. The codes are stored on your phone and expire.
  • Authenticators work without cell service or Wi-Fi, giving your customers an extra layer of convenience when being authorised.
  • Authenticators can deliver a speedy onboarding process when designed well, for example, by selecting a matching number to the one given.

What are the downsides of Authenticators?

  • Authenticators are not perfect – if a fraudster can get malware onto a phone, they may have unlimited access to real-time codes.
  • They require the user to download an app and have access to an app store.
  • Having multiple authenticators can start to clutter your customer’s phone, leading to frustration.
  • They are not familiar to an average consumer; the less tech-savvy could be apprehensive to adopt this method of verification.
  • Authenticators can be more costly and complicated for a business to set up.

Which is better, OTP or authenticator?

Both have advantages: authenticators provide a higher level of security but a less comfortable customer experience, OTPs are more convenient for the customer and business in general, but less secure due to SIM-Swap fraud. This conundrum – ‘security vs convenience’ – is a common one, luckily there are supplements to both forms of 2FA that can remove large pitfalls, allowing businesses to provide an elevated level of security without sacrificing customer experience.

Mobile Data turning 2FA into MFA

When you use a mobile as your 2FA you turn your phone number into a digital identity device. To do this you must assume that the customer has access to the phone number, which is not always the case. However, when used in tandem with MNO (Mobile Network Operator) data, mobile numbers become a resourceful proxy for digital identity. This is because MNO data can inform you of various data points indicative of genuine identity.

The benefits of MNO data are substantial, for example, MNOs can provide information on whether the SIM has been swapped and when; if the number has been recycled; if the device has been changed; if it has been reported lost or stolen; and if the device in use is the one attached to the number submitted. When you have this information in aggregate – along with an OTP – confidence in an individual’s legitimacy is exceedingly high. MFA (Multi-Factor Authentication) is the new 2FA – layering less obstructive methods of authentication can create a robust, customer-friendly security system.

Companies like TMT provide GDPR-compliant access to MNO data to help your business stay ahead of the curve on digital identity and fraud prevention. TMT is helping insurers, banks, software developers and service providers to positively identify new customers, authenticate users and protect all manner of transactions from identity fraud and attacks. TMT works behind the scenes, using real-time data from mobile networks and devices to enhance your existing systems so you can focus on building ever better, more profitable customer experiences.

Last updated on March 28, 2024

Contents

Related Articles

A promotional graphic for an article about OTPs vs authenticators by Zoe Barber.

OTPs vs Authenticators

 Man holding smartphone with a frustrated expression and facepalm gesture against a promotional background for real-time live age verification.

Real Time Live Age Verification

 Hand holding a playing card with online age verification concept art.

A Complete Guide to Online Age Verification
What Our Customers Are Saying

"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”

 Business Telecommunications Services

"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."

 Global Message Service

"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."

 Global Voice

"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."

 Alberto Grunstein - CEO

"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."

 Luisa Sanchez - VP of SMS and Messaging Solutions, Identidad Technologies

"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."

 Deutsche Telekom Global Carrier

Ready to get started?

We provide comprehensive device, network and mobile numbering data available.

Contact us > Chat to an expert >