Few respondents in Neustar-commissioned study confident they have tools needed to detect and prevent OTP fraud, majority are exploring alternative strategies
Research from Neustar, Inc., a TransUnion company, has found that despite the widespread adoption of one-time passcodes (OTP) for authentication, few fraud prevention decision makers are confident in their organization’s ability to detect or stop OTP fraud from happening. The majority of respondents are exploring less popular authentication alternatives while searching for technologies and partners to proactively address OTP fraud, according to the findings of a commissioned study conducted by Forrester Consulting on behalf of Neustar.
“Identity theft and fraudulent sign-ups are a growing problem for firms with customer-facing services. You want to make sure that users who sign up are who they claim to be and are authorized to interact with your organization”
The in-depth survey of 300 North American fraud prevention decision makers showed that customer authentication fraud is a major concern. To protect themselves and their customers, 60% of respondents currently use OTPs as part of their customer authentication strategy. This is in large part due to the positive reputation it has with consumers: 72% of respondents say customers perceive OTP authentication as secure and 71% of respondents say that OTP authentication is user friendly.
Unfortunately, the vulnerability of the mobile channel is weakening OTP effectiveness. Fraudsters have developed many ways to compromise phones and almost every respondent dealt with some type of mobile fraud in the past year. SMS OTP fraud attacks were commonplace, averaging in the double digits, even though one of the main reported challenges from fraud prevention decision makers is that they lack technology to detect and measure OTP fraud.
“Customer authentication fraud carries heavy costs for organizations and customers alike, and even methods that are considered as secure as SMS OTPs are targets for malicious fraudsters,” said Shai Cohen, senior vice president of Global Fraud Solutions at TransUnion. “This research confirms that most organizations don’t have the capability to effectively detect, prevent and mitigate OTP authentication fraud. Thankfully, there are strategies available on the market that firms can use to stay ahead of attackers.”
Read More: MarTech Outlook Magazine Recognizes Ai Media Group As A Top 10 Analytics Company
To stop SMS OTP fraud, most respondents want alternatives that do not negatively impact the customer experience and are looking for technology and partners to help them achieve that. Nearly seven in 10 respondents have begun investing in technology to help prevent OTP incidents. The most important capabilities to prevent SMS OTP fraud identified by respondents are the ability to identify high risk phone numbers (83%), the ability to detect a scam in progress before sending the OTP message (82%), and the use of decisioning techniques to determine the best OTP channel for use (78%).
“Identity theft and fraudulent sign-ups are a growing problem for firms with customer-facing services. You want to make sure that users who sign up are who they claim to be and are authorized to interact with your organization,” according to a recent report authored by Forrester vice president and principal analyst Andras Cser and former Forrester senior analyst Sean Ryan.1 A separate Forrester report authored by Cser and Ryan states, “Regardless of what authenticator method is used, the most important thing is that the process be secure end to end and that the user experience does not hinder productivity…Invest in risk-based, contextual authentication to identify anomalous access. Risk scoring, based on input signals such as time of day, geolocation, or IP address, adds intelligence and makes it possible to apply graduated responses.”2