As use of digital payments and online banking mushroom in India, instances of fraud have risen just as fast. India ranks 1st worldwide for identity thefts – 27.2 Million adults were compromised in FY22. Enterprises had to spend 1.3 Billion person-hours to resolve these identity thefts.
Identity-related frauds in UPI alone led to ₹200 Crore of losses to account holders FY21. This is estimated to be ₹500 Crore in 2023 (estimated to be proportional to the growth of transactions). Further, the recovery rate of these losses stands at an abysmal 2-8% of the lost money. In FY23, the Indian banking system recorded 13,530 fraud cases. In May 2023, the Reserve Bank of India reported the highest incidence of fraud in digital payments.
SIM swap or SIM-jacking has been identified as one of the most prevalent frauds in India that exploits the inherent weakness of OTP via SMS. Recently, a news report on TOI quoted RBI Governor Shaktikanta Das urging regulated entities to adopt better alternatives to OTP via SMS for second-factor authentication. Recently, ICICI Bank was quoted in a news report on the Times of India identifying types of identity fraud faced by their consumers.
To address the above, Times Mobile recently announced a partnership with Sekura.id to bring an SMS OTP-less authentication method to India called SAFr Auth. This technology verifies mobile possession via SIM in real-time without the use of a username, password or OTP to deliver a superlative customer experience.
How SAFr Auth Works
When using the traditional SMS based OTP, the user has to go through a 7 step process shown below to authenticate themselves –
In addition to being prone to customer abandonment, this also leaves the user open to SIM swap and phishing attacks. In contrast, SAFr Auth has a simple 3 step process shown below –
In addition, SAFr Auth also eliminates fraud via the following process –
SAFr Auth verifies that the mobile number provided on the app (MSISDN A) matches the one detected by the mobile operator (MSISDN B). It also analyses additional risk signals to thwart phishing attacks.
This server-based architecture based on OAuth 2.X protocol that integrates the enterprise (bank) server and mobile network operators enables SAFr Auth to eliminate 90% of the fraud associated with two-factor authentication methods like OTP SMS.
SAFr Auth has been successfully deployed in a number of banks. A leading tier-1 high street bank in UK reported significant reduction in fraud and a smoother customer onboarding process leading to a 35% improvement in account approvals and a 25% reduction in customer abandonment. Yet another tier-1 bank in UK reported significant reduction in SMS OTP passcode related social engineering and account takeovers.
Competitive Landscape & Comparisons
Many companies are now trying to replace the old SMS OTP system because it is slow, inconvenient, and easy for fraudsters to attack. While Times Mobile’s SAFr Auth is one solution.
Traditional SMS OTP
- How it works: A 6-digit code is sent to the user’s phone by SMS.
- Pros: Simple to understand, works everywhere.
- Cons: Risky (codes can be stolen via phishing or SIM swap), slow, users get frustrated typing codes.
SAFr Auth (Times Mobile + Sekura.id)
- How it works: Verifies the mobile number directly with the mobile operator. No OTP required.
- Pros: Very secure, stops SIM swap and phishing fraud, only 3 steps instead of 7, seamless for users.
- Cons: Needs integration with telecom operators, may require fallback in areas with weak network coverage.
No responses yet