Banks, Telcos to Chuck OTPs, Adopt Silent Authentication

The rise of SIM‑cloning and eSIM‑swap scams has exposed the limitations of SMS‑based one‑time passwords, prompting regulators and industry players to seek more resilient solutions. India’s Reserve Bank has mandated two‑factor authentication for all digital payments, but the guidance encourages banks to move beyond static OTPs toward dynamic, device‑centric methods. By integrating biometric verification and in‑app token generation, banks can satisfy compliance while offering a smoother user experience, especially for high‑value or cross‑border transactions.

Silent authentication leverages the mobile network’s ability to confirm that the device’s active SIM matches the number registered in the banking app, all without prompting the customer. Telecom operators provide the necessary signaling, and banks consume this data via standardized APIs to flag or block suspicious activity in real time. The technology’s extension to eSIMs ensures coverage across newer devices, while the development of OTP delivery within telecom‑owned apps further reduces exposure to SMS interception. This network‑level verification creates a hidden security layer that attackers cannot easily bypass.

For the broader ecosystem, the shift promises tangible business benefits. Consumers enjoy fewer transaction failures and faster checkouts, while banks see reduced fraud losses and higher approval ratios, directly impacting revenue and compliance costs. Merchants benefit from increased conversion rates as friction drops, and third‑party platforms like WhatsApp stand to capture a share of the estimated 10 billion monthly OTP messages. As behavioural analytics and device reputation scores become integral to the authentication stack, the industry moves toward a multi‑factor, context‑aware security model that balances safety with convenience.