Introduction

The API delivers a short-lived one-time password to a mobile phone number via SMS. The API then validates the code as input by the end-user into the service, in order to provide proof of possession of the phone number.

Key Benefits

- End-user familiarity.
- Increased security over single-factor authentication (username/password) or in card-not-present scenarios.
- Prevent fake account creation (bots).

Use Cases

- Onboarding to digital service (banking, social media, gig economy, retail, etc.): SMS One Time Password is used to prove that the user is in possession of the mobile device associated with the mobile number used for onboarding. This increases confidence for future uses of the mobile number and reduces instances of fake account creation.
- High-value transactions: In order to reduce payment fraud, the user may be asked to enter the OTP code sent to their registered mobile number.
- Account management e.g. password reset: To protect against account takeover, sensitive account management actions can be protected by requesting second-factor authentication by the end-user.