Secure OTP-less user authentication solution by Times Mobile

Nitin Chowdhary , 1 week ago, 5 min read

As use of digital payments and online banking mushroom in India, instances of fraud have risen just as fast. India ranks 1st worldwide for identity thefts – 27.2 Million adults were compromised in FY22. Enterprises had to spend 1.3 Billion person-hours to resolve these identity thefts.

Identity-related frauds in UPI alone led to ₹200 Crore of losses to account holders FY21. This is estimated to be ₹500 Crore in 2023 (estimated to be proportional to the growth of transactions). Further, the recovery rate of these losses stands at an abysmal 2-8% of the lost money. In FY23, the Indian banking system recorded 13,530 fraud cases. In May 2023, the Reserve Bank of India reported the highest incidence of fraud in digital payments.

SIM swap or SIM-jacking has been identified as one of the most prevalent frauds in India that exploits the inherent weakness of OTP via SMS. Recently, a news report on TOI quoted RBI Governor Shaktikanta Das urging regulated entities to adopt better alternatives to OTP via SMS for second-factor authentication. Recently, ICICI Bank was quoted in a news report on the Times of India identifying types of identity fraud faced by their consumers.

To address the above, Times Mobile recently announced a partnership with to bring an SMS OTP-less authentication method to India called SAFr Auth. This technology verifies mobile possession via SIM in real-time without the use of a username, password or OTP to deliver a superlative customer experience.

When using the traditional SMS based OTP, the user has to go through a 7 step process shown below to authenticate themselves –

In addition to being prone to customer abandonment, this also leaves the user open to SIM swap and phishing attacks. In contrast, SAFr Auth has a simple 3 step process shown below –

In addition, SAFr Auth also eliminates fraud via the following process –

SAFr Auth verifies that the mobile number provided on the app (MSISDN A) matches the one detected by the mobile operator (MSISDN B). It also analyses additional risk signals to thwart phishing attacks.

This server-based architecture based on OAuth 2.X protocol that integrates the enterprise (bank) server and mobile network operators enables SAFr Auth to eliminate 90% of the fraud associated with two-factor authentication methods like OTP SMS.

SAFr Auth has been successfully deployed in a number of banks. A leading tier-1 high street bank in UK reported significant reduction in fraud and a smoother customer onboarding process leading to a 35% improvement in account approvals and a 25% reduction in customer abandonment. Yet another tier-1 bank in UK reported significant reduction in SMS OTP passcode related social engineering and account takeovers.

© 2023 Times Mobile /