The One-Time Password (OTP) is similar in abbreviation to another OTP (One True Pairing) we’re mostly familiar with, but while most of the latter are ones we adore, the former is one that can be of utter annoyance.
Remember when you wanted to buy a tweezer worth 80 cents from an online shop, but needed to waste a gruelling 15 minutes trying to get the One-Time Password sent to your mobile phone? Or worse still, after spamming the ‘Resend OTP’ button in your desperation to get something that cannot even get you your daily dose of Kopi-C (looking at you, inflation), they ALL come rushing into your message inbox?
Well, according to a report, Visa is said to be looking into cutting down the use of One-Time Passwords, or OTPs.
According to Ms Ooi Huey Tyng, Visa’s country manager for Singapore and Brunei, the aforementioned late-arriving OTPs, disabled phones while travelling, and simply, its ‘cumbersome’ nature, are reasons as to why these strings of random numbers (and sometimes alphabets) might soon be eradicated from our online transactions.
According to Visa, this system has been already been successfully implemented at banks in Britain, France, Australia and the Philippines.
What Are OTPs And Why Do We Need Them?
An OTP is defined as “an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or session”. You typically encounter them while using iBanking services (to check your account balance, to transfer money) and making online credit card transactions (to shop online, to buy movie tickets).
With the randomised nature of the OTP, it makes the transaction more secure than user-created passwords – yes, that potentially image-shattering password you use for all the accounts you own.
Even with suggestions by websites to make your password stronger by using alternating capitalisations that make you feel like a teen in the early 2000s, the OTP is still considered to be the more secure means for transaction.
Hey, if the banks use it for monetary transactions, I’d say that’s something we can very likely rely on.
OTPs – A Necessary Evil?
Unless you sleep with your entire savings account in suitcases nestled under your bed, I think I can safely say that we live from our cards – whether you’re the type who withdraws cash from the ATM, or the hip, tap-and-go cashless type. New payment methods like the card-less Apple Pay, for example, just reiterates how efficient and weightless we want our daily lives to be.
With the new move, only transactions defined as ‘high risk’ will require another layer of authorisation via OTPs, and Visa is said to be working with banks to promote this ‘risk-based authentication’ approach.
Risk assessment considerations currently include the “transaction amount, regularity of the transaction in question, the location where the transaction is taking place and device information”.
However the Association of Banks in Singapore’s (ABS) Director Ong-Ang Ai Boon has stated that the move might cause a potential divide in opinions by customers. and pointed out that the move might not sit well with some.
“While this approach may please some consumers, there are also consumers who would prefer that every transaction be authenticated in the name of security (…) The one-time password helps to protect against online fraud. It is a secure way to authenticate that the customer making the online purchase is the rightful owner of the credit or debit card.”
Weighing Out The Pros And Cons
Personally, while it does seem like the days of needing to memorise a string of random numbers I receive via SMS, or encountering an onslaught of OTPs when I’m doing a purchase in an area with poor connectivity are soon to be over, I do agree with the ABS’ Director’s sentiments.
As annoying as it can be, having these notifications help me keep track of my (very precious) bank account and any transactions.
Take for example this Twitter user:
Is someone trying to hack me? Why am I receiving 2FA one time password on my phone for no reason?
— Darryl Kang (@dk) May 20, 2016
These are times when OTP-related messages are definitely welcomed.
While it is tempting to jump on the idea and fully embrace this possible change, I think it is currently too early to say if this will be a bane or boon, and we will simply have to wait for more announcements on the process to decide which side we’re on.
Featured Image: OCBC