OTPs - Omnipresent, Typical, and Perennial

Financial transactions happening through cheques were at their peak till the turn of the century.

However, with the adoption of credit cards, debit cards, and online bill payment, their usage not just decreased drastically, but the common sentiment has been that checks are dead. In India, there has been significant progress regarding payments.

All this development has unknowingly given a solid familiarity for identity verification.

In today's ultra-connected digital world, passwords and Two-Factor Authentication are integral to personal and business transactions. Businesses selling goods and services online, or otherwise (for instances where the company is digital by default, regardless of its business) have these systems - remembering a password that has been created by you weeks/months/years ago for a particular site: capitals, lowercase, numerals, special characters, and so on.

They might be annoying, but they are a root cause for most of the corporate cyberattacks. Consumer identity verification is a prominent practice today and is tipped to grow – the Global Two-Factor Authentification Market, estimated at $1,5B in 2018, is projected to reach USD 8984.7 million by 2024. According to the Wall Street Journal, all Google accounts will be enrolled in two-factor authentication before the end of 2022.

We all received OTP numbers while logging into any website and application or making an online payment. However, who invented all this? 

One Time Password

A one-time password (OTP) is a password that is valid for only one login session or transaction. The concept of OPT came from TOPT (Time-Based One-Time Password Algorithm). TOTP is a computer algorithm that generates an OTP that uses the current time as a source of uniqueness. TOTP is the cornerstone of the Initiative for Open Authentication (OATH) used in most two-factor authentication (2FA) systems.

Several OATH members collaborated to develop a TOTP draft to create an industry-backed standard. In 2008, OATH submitted a draft version of the specification to the Internet Engineering Task Force (IETF) - the principal technical development and standards-setting bodies for the Internet. In May 2011, TOTP officially became Request for Comments (RFC) 6238 - an individually numbered publication in a series from a tiny group of bodies, most prominently the IETF. 

OTP - Recent usages and Developments

Last month, SBI launched a one-time password (OTP)-based cash withdrawal system for the ATMs. In addition, security padding has been supplemented with as a security measure. SBI account holders withdrawing cash from SBI ATMs will receive an OTP on their mobile phones during the transaction. The transaction will proceed only after the OTP is used to verify.

More recently - on 9 November 2021, Reserve Bank announced its first global hackathon – "HARBINGER 2021 – Innovation for Transformation" with the theme ''Smarter Digital Payments''. This hackathon aims to take digital payments beyond the present limitations of mobile phones and OTPs and make them safer.

OTPs – An integral part of any business

In March 2021, several customers in Bengaluru accessing their bank accounts or online transactions were left frustrated as the OTP never got delivered. This indeed left mobile banking users in helter-skelter. Imagine not getting these OTP SMSs as an enterprise banking user!

Digital transformation eminently is central to business strategies currently and user experience at the apparent peripheral. Unfortunately, most user experiences begin with an annoying transaction and one of the weakest links in terms of security. Still, businesses rely on one-time passcodes despite security issues.

Recent posts
Avalara TaxQuest: Sales tax implications for foreign businesses that use third-party warehouses in the U.S
Malaysia adopts new centralised e-invoicing system
Avalara TaxQuest Question: Do foreign businesses need to collect sales tax at U.S. trade shows?

Prepare your business for e-invoicing under GST

Discover how to meet all compliance requirements while integrating e-invoicing into your tax function.

Prepare your business for e-invoicing under GST

Stay up to date

Sign up for our free newsletter and stay up to date with the latest tax news.