We’ve sat down with Gautam Hazari, Chief Product & Innovation Officer at XConnect, to discuss one-time passwords (OTPs), following a very informative byline we published (A Passwordless Future for Banking: Moving Beyond OTPs with Mobile Identity as the New Foundation of Trust).
Why are one-time passwords (OTPs) and traditional 2FA increasingly vulnerable in today’s fraud landscape?
SMS-based One-Time Passwords (OTPs) have long been a staple in multi-factor authentication (MFA) processes, but they come with serious security challenges.
The fundamental issue with OTP is that it keeps users active in the authentication process and sacrifices security and user experience for ubiquity and familiarity. A code sent to your phone, which once felt secure, now represents a weak link in identity protection. These codes are susceptible to interception and real-time attack methods, including SIM swap and phishing, that capture sensitive data and codes in one move.
This is a vulnerability that is only set to intensify. With advancements in Generative AI (GenAI) driving more sophisticated social engineering techniques, the risk of users being manipulated into sharing OTPs rises, damaging trust in the channel and, in turn, spiking fraud levels.
How are fraudsters exploiting gaps in the A2P ecosystem, and what impact is this having on banks and mobile operators?
Harmful traffic and associated activities continue to blight the Application-to-Person (A2P) SMS landscape and create lasting damage.
One prominent type of fraud affecting the industry is Artificially Inflated Traffic (AIT), which exploits A2P by manipulating how messaging traffic is generated, routed and billed. AIT occurs when threat actors make an OTP or 2FA request to a premium number, incurring costs for organisations that originate the message.
On top of AIT, the industry is also battling with grey-route abuse and sender spoofing. These challenges arise when fraudsters exploit opaque international routing and weak sender verification to inject scam messages that blend into trusted communication channels.
This has a deep impact on many sectors. Banks and digital service providers face rising messaging costs, increased fraud exposure and damaged customer trust when official channels are compromised. This is also being felt on the mobile operator side, with A2P fraud leading to distorted traffic patterns and growing regulatory pressure to take action to address abuse.
What role does mobile identity play in reshaping secure authentication for financial services?
Mobile identity is levelling up secure authentication by tying digital trust into real, verifiable network attributes rather than one-off user actions. At the centre of this shift is the SIM.
The SIM has the superpower to remove the need for passwords and has already been doing so for the last three decades and more. This hardware-based cryptographic engine, which 5 billion of us carry in our mobile phones, does not rely on any other form of identifier or password at any point in the journey. Trust is established at the network and device level, not through information that can be guessed, stolen or socially engineered.
For the financial services sector, this shifts authentication away from what customers know or enter and instead works based on what networks can confirm, such as SIM integrity, device legitimacy and trusted connection patterns. This is a game-changer for the industry. Using the power of mobile identity means stronger protection against account takeover, Authorised Push Payment fraud and identity misuse, as well as reduced friction in high-value customer journeys.
These outcomes are at the heart of what XConnect is working to achieve: making global communications and digital transactions safer, more transparent, and more trusted. One way we’re putting this into action is through XConnect’s SAFr Auth. Our SAFr Auth solution addresses the fundamental weaknesses of SMS OTP by making authentication simple and invisible with no passwords to remember and no codes to enter. This is helping the financial sector to keep its customers safe while quietly strengthening protection against fraud.
How can APIs be leveraged to verify numbers in real time and proactively prevent fraud?
APIs make number verification far more dependable by using live network intelligence rather than basing security on static lists or the information a user types into a form. Their use centres around the concept that the best password is no password.
By connecting directly to trusted operator data through a single, easy-to-integrate API, organisations can verify in real time that a phone number is genuine, active and legitimately linked to the person submitting it. These checks take place in milliseconds, stopping fake, inactive or recycled numbers before they reach account setup, login or payments.
And, as if this wasn’t enough, APIs also combine multiple network-level risk signals in one place, including recent SIM changes and unusual activity patterns. This creates an inclusive security umbrella powered by the SIM as a built-in cryptographic engine.
Unlike OTPs, they do not depend on the handset or user input, deliver consistent security across device types, and keep authentication invisible; it’s this distinction that allows for a human approach to digital identity.
Looking ahead, how do you see authentication evolving over the next 3–5 years in response to growing cyber threats?
Authentication is expected to become more continuous, contextual and automated within the next few years. This will make trust more seamless across the entire user journey, rather than proving identity verification at a single login point.
Stronger device-level security and embedded credentials will also make hardware itself part of the trust model. As a result, authentication will become less visible, more adaptive, and more integrated into digital experiences.
Guided by the belief in “Identity for All”, the goal is to make trusted digital identity universally accessible to help create a safer digital world for everyone. Ensuring a solid technological foundation over the next few years will be critical to moving towards this goal.
We’re moving into a world where identity needs to work quietly in the background, without passwords, friction or second-guessing. Solutions like XConnect’s SAFr Auth make that real, giving people a simpler, more secure way to access what matters to them, while opening the door to a more inclusive digital experience for everyone.