What should banks be doing to prevent account takeover?

For decades, the financial services industry has relied on one-time passwords (OTPs) for online user authentication. While OTP technology was state-of-the-art in the 1980s, technology has evolved, and the changes in computing power, the Internet, and the advent of mobile technology have rendered it no match for today’s most common fraud schemes.

In an effort to help financial institutions understand the drawbacks of OTP-based systems, Entersekt recently teamed up with fraud expert Tom Wills, managing director of Secure Strategies. Together, Entersekt and Wills tracked the decline of one-time passwords and the consequences faced by some organizations that have deployed them. The team also explored new approaches to multi-factor authentication that leverage advanced digital certificate and mobile technologies.

During the webinar, Wills and Entersekt’s chief technology officer, Christiaan Brand, covered the following topics:

  • A timeline of OTPs’ decade of failure
  • An explanation of OTPs’ inherent vulnerabilities and why they no longer stand up to man-in-the-middle attacks and other fraudulent exploits
  • A summary of the other important drawbacks to OTPs
  • Wills’ best practices for protecting digital banking channels
  • A demonstration of Entersekt’s unique approach to eliminating digital banking fraud while providing users a simple, mobile-enabled authentication experience

During the question and answer session, the following issues were also covered:

  • Known attacks against OTP authentication systems and how serious they are 
  • Actual risks to organizations using OTP generators
  • Solutions for transactions that are executed on a mobile device
  • How to conduct out-of-band authentication for mobile banking
  • The safety of biometrics for banking authentication
  • What can be done to stop banking trojans from being downloaded to user devices
  • The FIDO (Fast IDentity Online) Alliance


Entersekt editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.
