SMS One-Time Password (OTP) is the most widely used two-factor authentication (2FA) method, and it’s not hard to see why: SMS OTP works universally without the need for clunky authenticator apps, doesn’t require specialist hardware like biometric solutions, and maintains backwards compatibility as devices and operating systems evolve over time.

Why then, are we so excited by a new 2FA solution we’ve named Silent Authentication? Is it love or lust? Let’s dig deeper and find out…

To appreciate Silent Authentication you must first understand the pitfalls of SMS OTP. The biggest flaw is that SMS OTPs are no longer considered secure. Bad actors have long exploited SIM swap attacks, which involve tricking phone company employees into porting a customer’s phone number to a new device and SIM card, resulting in SMS OTPs being sent directly to the bad actors.

In recent years fraudsters and scammers have become even more deceptive by using social engineering techniques to intercept SMS OTPs sent directly to users. This is commonly known as a man-in-the-middle attack and is often facilitated by a bad actor contacting the user under the pretence of being an employee at a trusted organisation. Subsequently, they ask the user to read out the SMS OTP they’ve just received for security purposes, thus intercepting the code and allowing them to take control of the user’s account.

If the security vulnerabilities of SMS OTP don’t faze you (and they should!), then also consider the customer friction it presents. It can take up to 40 seconds to receive, enter and validate an SMS OTP. Customer friction is particularly high when accessing services from desktop or laptop devices, which require handover to a mobile device with SMS functionality, followed by the user manually typing in the code they’ve just received. The same laborious and frustrating handover process applies to authenticator apps. If 40 seconds doesn’t seem long, then consider that just one login to a service daily using this approach equates to just over 4 hours spent logging in over the course of a year!

Introducing Silent Authentication

With the limitations of SMS OTP in mind, let’s explore Silent Authentication. Unlike SMS OTP and other passcode-based solutions, Silent Authentication eliminates the need for a code altogether (gasp!). Instead, it uses the mobile network to determine that a user is in possession of a phone number. That might sound a little cryptic, but don’t worry, it’s simpler than it sounds.

At a high level, rather than sending an OTP, a one-way function is used to generate a token on a user’s device without requiring any interaction from them. At the same time, the Mobile Network Operator is instructed to contact the SIM to which the phone number is registered and generate a token of its own (using the same one-way function). Finally the two tokens are compared. Et voilà! If the tokens match then the user is in possession of the device and they are authenticated.

The result is a streamlined two-factor authentication process that takes 3 seconds on average. Authentication can be triggered by entering an identifier (such as phone number as shown above), or simply by the press of a button.

What about other benefits?

You guessed it, Silent Authentication isn’t just about reducing friction and creating better customer experiences. Here are 6 other benefits of Honey Badger’s Silent Authentication solution that you should be aware of: 

Not susceptible to social engineering and phishing
Since there are no passcodes involved, there’s nothing for fraudsters to intercept.

Extremely high confidence in verified phone numbers
Silent Authentication is built on top of the Global System for Mobile Communications (GSM) standard that mobile network operators use to authenticate phone calls and data sessions.

Reduced support costs
With less friction and reduced reliance on users to remember passwords, wait for OTPs, download authenticator apps or enter codes, comes significantly less load on customer support teams.

Increased coverage and device compatibility
Silent Authentication isn’t limited by device types and OS versions like biometric solutions.

In-built SIM swap checks and automatic failover to SMS OTP
Honey Badger’s Silent Authentication solution incorporates SIM swap checks, with automatic failover to SMS OTP when mobile network based authentication isn’t available, ensuring users can always authenticate securely.

Seamless device handoff from laptop and desktop devices
Honey Badger can automatically detect non-mobile devices and generate QR codes that users simply have to scan with their mobile device to complete authentication.
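
The token comparison described under "Introducing Silent Authentication", combined with the SIM swap check listed among the benefits, can be modelled as follows. This is an added example, not Honey Badger's or any operator's code: HMAC-SHA256 stands in for the one-way function, and the per-SIM key, random challenge, `Operator` class, result labels and 72-hour swap window are assumptions.

```python
import hashlib
import hmac
import secrets

SWAP_WINDOW = 72 * 3600  # assumed policy: a SIM issued in the last 72 h is high risk


def derive_token(sim_key: bytes, challenge: bytes) -> bytes:
    """Shared one-way function; HMAC-SHA256 is a stand-in, not an operator algorithm."""
    return hmac.new(sim_key, challenge, hashlib.sha256).digest()


class Operator:
    """Hypothetical operator-side verifier; all names here are illustrative."""
    def __init__(self):
        self.sims = {}     # number -> (key on the current SIM, time that SIM was issued)
        self.pending = {}  # number -> outstanding challenge

    def issue_sim(self, number: str, now: float) -> bytes:
        """First provisioning or a SIM swap: the number moves to a SIM with a fresh key."""
        self.sims[number] = (secrets.token_bytes(16), now)
        return self.sims[number][0]

    def challenge(self, number: str) -> bytes:
        self.pending[number] = secrets.token_bytes(16)
        return self.pending[number]

    def verify(self, number: str, device_token: bytes, now: float) -> str:
        challenge = self.pending.pop(number, None)  # each challenge is single use
        if challenge is None or number not in self.sims:
            return "rejected"
        key, issued_at = self.sims[number]
        if not hmac.compare_digest(derive_token(key, challenge), device_token):
            return "rejected"
        # Tokens match, so the caller holds the current SIM; a recent swap is still suspect.
        return "step_up" if now - issued_at < SWAP_WINDOW else "authenticated"


def demo() -> dict:
    op, number, day = Operator(), "+447700900123", 86400.0  # constructed sample number
    old_sim = op.issue_sim(number, now=0.0)
    token = derive_token(old_sim, op.challenge(number))
    out = {"genuine": op.verify(number, token, now=30 * day)}
    op.challenge(number)  # a new login attempt issues a new challenge
    out["stale_token"] = op.verify(number, token, now=30 * day)
    new_sim = op.issue_sim(number, now=31 * day)  # the number is moved to a new SIM
    now = 31 * day + 60
    out["old_sim"] = op.verify(number, derive_token(old_sim, op.challenge(number)), now)
    out["swapped_sim"] = op.verify(number, derive_token(new_sim, op.challenge(number)), now)
    return out
```

The last case is the reason the swap check matters: after a swap the new SIM produces a matching token, so the match alone cannot distinguish the legitimate owner, and only the swap recency signal routes the attempt to additional verification.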

Silent Authentication. So is it love or lust?

With the drive towards passwordless and the limitations posed by SMS OTP we’re 100% in ❤️ with Silent Authentication. It’s a solution that both increases security and reduces customer friction. What’s not to love?! While it’s not a silver bullet for every scenario requiring authentication, it’s clear that the next generation of two-factor has arrived and Honey Badger is at the forefront.

Honey Badger HQ

Account Servicing

Stop fraud and improve customer experience during account servicing by eliminating SMS One Time Passwords (OTP). Instead, leverage phone based SIM authentication which involves comparing data generated by the Mobile Network Operator (MNO) with mobile device session data. This provides a foolproof way of proving that an individual is in possession of their two-factor device.

Benefits

This new approach to authentication isn’t susceptible to SIM swap attacks and doesn’t require the user to enter a password. Ultimately, account takeover attacks are blocked, while customer experience is improved and the time taken to service a request is reduced.

Made for

 LENDERS   ONBOARDING   AUTHENTICATION 

Get started via

 EMBEDDABLE WIDGET   API 

Pricing

 PAY PER AUTHENTICATION 


Contact Data Cleaning

Contact Data Cleansing verifies that the contact and personal information you hold isn’t out of date or inaccurate. Data is compared against the information held on file by Mobile Network Operators (MNOs). Whether processing a single record or sanitising thousands of records in batch, you’ll quickly identify bad data.

Benefits

The case for maintaining up-to-date records goes way beyond good practice for compliance and regulatory reasons. It’s critical to ensuring customers are contactable. Furthermore, it reduces security threats by ensuring communications aren’t sent to the incorrect individuals.

Made for

 LENDERS   FINTECH  KYC 

Get started via

 WEB INTERFACE   API 

Pricing

 PAY PER RECORD CHECK 


SIM Swap Detection

SIM Swap Detection is a critical step in stopping account takeover. Why? Because account takeover attacks commonly exploit the ease with which a phone number can be stolen by simply assigning it to a new SIM. This allows bad actors to intercept communications, such as SMS one-time-passwords (OTP), which are used by 93% of enterprises worldwide to verify customers.

Benefits

SIM Swap Detection instantly and silently checks the history of a SIM card to see when it was last swapped. Recent swaps indicate high risk of fraud, allowing you to take appropriate action, such as failing verification or requiring that additional security procedures are followed.

Made for

 FRAUD PREVENTION

Get started via

 WEB INTERFACE   API 

Pricing

 PAY PER SIM SWAP CHECK 


Social Trace

Social Trace significantly reduces the risk of losing contact with your customers by diversifying communication channels. Simply drop the Social Trace widget into your onboarding workflow and allow customers to connect one or more social channels with just a click.

Benefits

Lenders who capture social channels are significantly less likely to lose contact with their customers. Why? Because different demographics prefer to engage over different channels. This is particularly important when it comes to collections. Initiating contact over different channels increases your chances of getting a response, which in turn increases the likelihood of resolving late or non-payment.

Made for

 LENDERS   ONBOARDING   COLLECTIONS

Get started via

 EMBEDDABLE WIDGET 

Pricing

 MONTHLY FEE 


Mobile Fraud Check

Mobile Fraud Check allows you to detect fraud indicators using data provided by Mobile Network Operators (MNOs). Key checks include device overseas, call forwarding, SIM swap, a high risk number database lookup and much more.

Furthermore, Mobile Fraud KYC allows you to verify a person’s firstname, lastname, date of birth and postcode against the data held on file by MNOs. Since MNOs conduct their own KYC checks on new customers, it gives you the ability to match personal information you collect against a trusted and verified source.

Benefits

Mobile Fraud Checks happen instantly and with zero customer friction. The data held by MNOs is often more recent and reliable than other data sources, and a level of granularity is provided, allowing you to see how many and which KYC fields matched.

Made for

 LENDERS   ONBOARDING   FINTECH  RISK ANALYSIS

Get started via

 WEB INTERFACE   API 

Pricing

 PAY PER LOOKUP 


Mobile Data for Credit Risk

Mobile Data for Credit Risk delivers the data required to predict credit risk based on a person’s mobile phone information. Key data attributes include the network provider, line type, and KYC match information. Working in partnership with lenders we’ve been able to clearly identify correlations between this data and the likelihood of a loan going into arrears.

Benefits

Open Banking Vs Mobile Data. Which is the most effective in predicting bad borrowers? A recent project with a UK lender compared a risk model built with Open Banking against a model built with Honey Badger’s Mobile Data. The results showed that both models outputted almost identical risk scores. The difference? Mobile Data could be deployed immediately with no customer friction required to calculate a risk score.

Made for

 LENDERS   ONBOARDING  RISK

Get started via

 EMBEDDABLE WIDGET   WEB INTERFACE   API 

Pricing

 PAY PER LOOKUP 


Geo Authentication

Geo Authentication™ provides frictionless identity verification that reduces abandonment rates. Users simply select images that they recognise from near their address. Built-in anti-fraud controls ensure that valid users can complete the challenge whilst bad actors are blocked.

Benefits

Leading lenders such as Amplifi Capital use Geo Authentication during applications as an alternative to more intrusive identity verification checks, such as document uploads, that cause high friction and lead to increased dropouts. Completion rates with Geo Authentication are 28% higher and have subsequently helped drive an increase in revenue for the business.

Made for

 LENDERS   ONBOARDING   ACCOUNT RECOVERY 

Get started via

 EMBEDDABLE WIDGET   WEB INTERFACE   API 

Pricing

 PAY PER AUTHENTICATION CHECK 
