A Passwordless Future for Banking: Moving Beyond OTPs with Mobile Identity as the New Foundation of Trust

Article written by Gautam Hazari, Chief Product & Innovation Officer, XConnect

Banks have spent decades adding layers of authentication to reduce risk, moving from passwords to One-Time Passcodes (OTPs) that are used almost ubiquitously today. Despite continued efforts to upgrade security, human behaviour remains central to the authentication process, and fraudsters are taking advantage of the fact that they no longer need to break encryption: they simply need to manipulate the user.

The speed and scale at which fraudsters are exploiting weaknesses continue to grow, driving the urgency for banks to reconsider their authentication approaches. In the first half of 2025 alone, over £629.3 million was stolen through banking fraud and scams in the UK, according to UK Finance. Sophisticated threat methods, including Generative AI-driven attacks, are systematically weakening the security of OTPs, forcing banks to rethink how trust is established in the digital economy.

As confidence in user-driven authentication declines, banks are increasingly looking beyond the application layer and toward trusted network intelligence to anchor authentication integrity that fraudsters cannot easily manipulate.

OTPs Become the Weakest Link

Digital banking was built on the premise of making financial services easier to use without compromising security. For years, OTPs and 2FA were the bridge between these two objectives. As fraud tactics grow more sophisticated, this balance is becoming increasingly hard to maintain.

In a sector where fraudulent transactions carry significant financial and lasting personal consequences, the stakes are high. When authentication methods fail, the impact goes far beyond a single incident, with consequences including:

  • User trust and compromised security – When SMS OTP fails to secure users, it directly impacts trust; every breach and incident of unauthorised access caused by compromised OTPs undermines confidence in security measures. This erosion of trust leads to customer churn, as users seek more secure alternatives.
  • Operational inefficiencies – Reliance on SMS OTP introduces friction. Delays in OTP delivery can frustrate users, leading to increased support calls, decreased satisfaction and defection to competitors. At the same time, Artificially Inflated Traffic (AIT) continues to be a major problem, leading to banks being charged for SMS OTPs sent to bots or to numbers or users that don’t exist.
  • Financial and Legal Implications – Compromised SMS OTPs can have severe financial and legal implications. Businesses face direct financial losses from fraud, regulatory fines for failing to protect user data, and remediation and customer compensation costs. Legal repercussions can also arise, especially in jurisdictions with stringent data protection regulations.

For banks, the result is a dangerous illusion of security where controls appear to function as they should while fraud losses, reimbursement costs, and regulatory exposure continue to rise.

This raises a fundamental question around trust for financial institutions: if criminals can convincingly impersonate legitimate customers, how long can trust rely solely on user-driven authentication?

The reality is that banks can no longer rely on possession-based authentication. If the user can be convincingly deceived, any judgment-requiring task becomes a weak link.

With banks and their operations under siege from every angle, from Generative AI attacks to phishing and SIM swap fraud, network APIs can play a crucial role in reshaping security in financial services.

Establishing Trust at the Network Layer

It’s now widely accepted that traditional defences, including OTPs, are no longer enough; the strongest line of defence lies in the network itself.

Network APIs operate below the application layer, drawing on signals that customers never see and that fraudsters cannot intercept. They do not ask a user to approve a request or enter a code. Instead, they verify facts about the device, the SIM, the network and the connection in real time.

Crucially, these signals are not exposed to GenAI manipulation. A fraudster can clone a voice, but they cannot fake whether a SIM was recently swapped, if a device is attached to a network, or if a transaction originates from the expected mobile environment. They provide banks with a silent, universal, and hardware-secure solution.

This brings key strategic advantages to the financial sector including:

  • Secure network-level verification – Network APIs enable banks to validate attributes that are inherently difficult to spoof at scale, including device and SIM integrity, network location consistency, and indicators of account takeover activity, such as recent network-level changes. The SIM card’s inherent cryptographic capabilities make it a robust and secure method for identifying the user, ensuring the authentication process is secure against hacking and spoofing.
  • Streamlined costs – With Network APIs, the need for SMS OTP services and customer support expenses related to authentication issues is eliminated. At the same time, they significantly reduce the financial impact of fraud by preventing unauthorised access and fraudulent transactions.
  • Improved customer experience – On top of reduced costs and enhanced security, network APIs also offer a seamless customer experience. Removing the need for users to interact with the system eliminates the potential for errors and makes the process more user-friendly. Network APIs maintain consistent security across all devices, including basic handsets, feature phones, and smartphones, ensuring a universal, inclusive user experience.

A New Approach for Fraud Defence

Fraud is evolving at a rapid pace, and this forces the financial sector to reconsider long-standing assumptions. With this, the focus must shift toward removing customer decision-making from security where possible.

As AI enables fraudsters to scale deception with speed and precision, banks that ground trust in network-level intelligence will gain confidence in every mobile number from the moment it’s entered. Network APIs offer a robust, secure, and user-friendly alternative that addresses the weaknesses of SMS OTP, providing future-ready security for the financial sector, its reputation, and its customers.
