Posted by Jacob Howell, Subex
When accessing personal information or conducting an online transaction, a One Time Password (OTP) is typically all that’s required to verify your identity. Although OTPs provide an extra layer of security, issues do arise. Jacob Howell, head of business solutions and consulting at Subex, reports.
Bad actors are using phishing scams to gain access to OTPs at an increasing rate. And, with OTP interception services available on the dark web, even novice fraudsters are successfully circumventing the added security. In addition to serious security concerns, SMS OTP two-factor authentication (2FA) process falls short in other areas, like customer experience. For instance, once a user enters their phone number, they must wait for the code to arrive. Sometimes it never arrives. These issues, along with the rising costs for businesses to send 2FA SMS messages, have accelerated the need for an alternative authentication method.
Will OTP vanish in a flash?
For businesses and communications service providers (CSPs), ‘flash call’ verification is rapidly becoming the preferred alternative to OTP 2FA. Juniper Research defines flash calling as” an authentication process that leverages mobile networks to authenticate users or actions. “
Juniper Research predicts that the number of flash calls used for authentication will increase from 60 million in 2021 to 5 billion in 2022. A longer view forecast, also by Juniper Research, estimates that flash calls will reach an incredible 128 billion calls by 2026, which equates to a compound annual growth rate (CAGR) of 128%.
This unprecedented growth can, in part, be attributed to its processing advantages. Basically, the system places a call to a number provided by the user. The user’s profile is then verified by authenticating the last few digits (usually 4 – 6 digits) of their phone number. While in most cases, the user isn’t required to do anything, sometimes flash calling requires the user’s interaction, such as selecting an icon or entering a password or passcode.
From the perspective of a business, flash calling is swift, cost-effective, provides additional security, and has fast application programming interface (API) integration. From a user’s perspective, it delivers a nearly seamless customer experience. However, with the exponential adoption of flash calling, CSPs need to look at the monetisation opportunities it can provide.
How will flash calling impact CSPs?
This year alone, it is expected that authentication-based messaging will generate $39 billion in revenue for mobile operators. However, as an increasing number of companies begin to migrate authentication traffic to voice, flash calls have the potential to wreak havoc on operators’ SMS revenues.
Another foreseeable headwind that service providers need to prepare for is increased competition from Over the Top (OTT) messaging app companies that provide alternative mobile network operator (MNO) messaging services. Historically, CSPs have lagged OTT players when it comes to implementing new services. On the other hand, OTT players have made their mark by being quick to identify market trends and pivoting in quickly to cater to changing consumer demands. For instance, OTT player WhatsApp has already announced its flash calling intentions and is working on integrating it within their applications, giving them a head start in meeting market demand.
OTT players entering the flash market also face challenges. There have been reports of users losing access to their accounts, such as what happened to WhatsApp users when they shared their verification codes with someone claiming to be from the company.
How can flash calls give CSPs a new revenue stream?
Service Providers will need to move quickly to begin monetising flash calls. However, in most cases, they do not currently have the technology needed, which results in their inability to monetise the service. For operators to capture this revenue stream, they will need to implement cutting-edge technology that will enable them to detect and validate flash traffic, as well as detect and protect against suspicious behavior.
For service providers to protect their Application to Person (A2P) revenue stream, solutions such as real-time fraud management systems, complex machine learning (ML) algorithms, and pattern mining tools will be essential. End-to-end fraud management solutions that provide 360-degree protection will also be essential. These solutions typically leverage artificial intelligence (AI) at every step of the process to effectively combat fraud and security risks. When capabilities such as statistical analysis, feature algorithms, auto ML, and data preparation are included, operators gain superior fraud protection over their OTT competitors.
Data pattern mining tools are another crucial component needed to detect evolving fraud patterns. This is made possible with enhanced rule modeling capabilities that can be configured to incorporate threshold, geographic, pattern, hotlist, spam detection, intrusion detection, and smart pattern rules.
From a revenue perspective, Juniper Research recommends that operators look at mirroring the business models of established A2P SMS market leaders. Their monetisation models almost exclusively rely on charging on a per-traffic basis. Adopting this model will enable operators to increase flash calling adoption, as well as revenues. While monetising flash calls comes with its challenges, the potential financial benefits far outweigh those challenges. But to overcome the head start of OTT players, service providers will need to move quickly.
This post was first published in Vanilla Plus Magazine