Don’t Share your OTP


A one-time password (OTP), also known as a one-time PIN, is a password that is valid for only one login session or transaction you are going to perform digitally, through online banking system or a mobile wallet. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication. OTP generation algorithms typically make use of randomness, making a prediction of successor OTPs by an attacker difficult. This is necessary because otherwise, it would be easy to predict future OTPs by observing previous ones.

OTPs have been discussed as a possible replacement for, as well as enhancer to, traditional passwords. On the downside, OTPs can be intercepted or rerouted, and hard tokens can get lost, damaged, or stolen. Many digital platforms that use OTPs do not securely implement them, and attackers can still learn the password through phishing attacks to impersonate the actual user. Financial institutions offering digital financial services and mobile wallets are doing regular campaigns to educate their customers. OTP is a pin which is provided to complete the transaction not for sharing with anyone. In developing counties where unbanked population is in majority and people don’t know the basics of banking, phishing is quite easy to do.

Individuals who are new to mobile or online banking should be careful because OTP thefts could involve a person identifying himself as a bank employee and asking you for OTP or your credit or debit cards details with a promise to help you with completing a transaction or ensuring better services. They could con you into revealing your card number and CVV and then ask you to share the OTP received by you as a message from the bank and cheat you into completing an unauthorized transaction. Remember that no bank will ever ask you to read out your card details for verification or renewal over a phone call. As a rule, never share your card number, CVV or OTP with anyone. Once your card details are compromised, then all the money in your mobile wallet credit or savings account could be emptied.

Previous articleECC Approves Draft Policy For Auctioning NGMS Spectrum In AJK
Next articleRizwan, Fakhar join the list of 1000 runs scorer in T20 International