A More Secure SMS OTP Alternative: Instant Link™

Post by:
Yuka Yoneda
October 7, 2022
Post by:
No items found.
October 7, 2022
A More Secure SMS OTP Alternative: Instant Link™A More Secure SMS OTP Alternative: Instant Link™

Data breaches. Account takeovers. SIM swap fraud.  With fraudsters growing more sophisticated each day, it’s no secret that two-factor authentication (2FA) or multi-factor authentication (MFA) is now a bare minimum requirement that companies must invest in to secure their customers’ accounts. However, the most common form of MFA/2FA, called SMS OTP (or SMS one-time password), has several known vulnerabilities. If you’re already familiar with SMS OTP and its pitfalls, feel free to skip ahead to the section entitled What is Instant Link™?

What’s Wrong with SMS OTP? 

The challenges associated with SMS OTP are well-documented and basically fall into two buckets:

  1. Fraud: SMS OTPs can be easily intercepted by bad actors and therefore cannot be relied upon for their intended purpose of keeping fraudsters out of online accounts. For example, let’s say a fraudster already has a password to one of your online accounts and is initiating an online transaction on that account that requires an SMS OTP to be sent. By intercepting that SMS OTP, they can easily get the numerical password that was meant to be sent to you, and key it in to gain access to your account. So the SMS OTP that was intended to keep you safe actually went to the fraudster, allowing them to access your account. 
  2. The Customer Experience: SMS OTPs cause friction in the customer experience. If you’ve ever tried to log into an account or reset your password using an SMS OTP, you know that the experience of fumbling between your computer and your phone or multiple apps on your phone and trying to memorize a numerical password so you can type it in is not exactly seamless. SMS OTPs can also be unreliable with many consumers reporting that they initiated an SMS OTP authentication but never actually received an SMS code. 

So it’s clear that there are several reasons why companies are already starting to move away from SMS OTP, but what are the alternatives? While we offer several next-generation SMS OTP alternative solutions at Prove, one of our most popular is Instant Link because it blends some of the familiarity of a possession-based check like SMS OTP with added fortifications against account takeover and a better customer experience.

What is Instant Link?

Instant Link is a second-factor authentication (a.k.a, a “proof of possession check”) service that allows companies to embed a secure clickable link in an SMS text. Essentially, Instant Link looks similar to an SMS OTP at first glance and works in a similar way, but instead of a numerical passcode that can be intercepted, a secure link is sent via SMS that can be clicked by your customer to authenticate them and perform a secure “cryptographic handshake” confirming that it’s really your customer on the other end of a transaction. When a user clicks an Instant Link, the NIST standard of two-factor authentication is met. Optionally, Instant Link can fortify the SMS OTP standard by performing a mobile carrier authentication on top of the clicking of the link. The added mobile carrier authentication, in addition to IP address confirmation, adds a NIST approved multi-factor authentication. 

Some of the main benefits of Instant Link that Prove customers have found valuable for their businesses include:

  • Instant Link is a more fortified form of SMS OTP that mitigates many of the vulnerabilities of SMS OTP interception. While an SMS OTP can be intercepted by fraudsters as described above, with an Instant Link, there is no code to intercept and in most cases, the authentication is only successful when clicked by the intended recipient. 
  • Instant Link is API-based and is easy to implement (for most standard configurations).
  • Instant Link offers a much easier experience for customers. All they need to do is click as opposed to SMS OTP where a passcode must be entered.
  • Many companies also like Instant Link’s ability to include additional context for the customer with a branded webpage that explains the purpose of the link.

Do you have questions about Instant Link and how it can help you meet your fraud prevention and customer experience goals? Get in touch with us to have all of your questions answered .

Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Prove: the world’s most accurate identity verification and authentication platform

Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.

Keep Reading...Read our latest white-paper on this subject!

Tap the button below to read our latest white-paper on the subject as industry leaders.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.

Interested in more information about Prove Pre-Fill?

Download the Report

Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.

Interested in more information about MFA?

Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.