“Differentiation in OTP formats across financial and non-financial transactions”
I'm not sure people have noticed that we're sending mixed messages to those in our lives who are less digitally savvy than we are, and we need to arrest this before it's too late.
- When online scammers first started fooling people, we started telling our loved ones: 'Don't share your OTP with anyone'.
- Now when courier agencies come to deliver something, they need an OTP to confirm that the package is being handed over to the correct recipient.
We're communicating different rules but expecting every person in our lives to make the right choice at the right time, which is not going to be easy. By not thinking this through as a society, we risk undoing all the progress we've made in safeguarding the interests of our most vulnerable population.
So the proposed idea is to differentiate financial from non-financial transactions by changing the format of the OTP:
- For any financial transaction, i.e. one where the recipient of the OTP has to make an outgoing payment, the OTP should stay numeric (e.g. 873249; ideally exactly 6 digits, because 4 are too few and 8 are too many).
- For any non-financial transaction, i.e. one where the recipient of the OTP only has to prove his/her identity to receive something of value, the OTP should become alphabetic (e.g. SHYZ or KDYSHT; 4 to 6 letters are enough).
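To make the proposal concrete, here is an added example (not part of the original post, and not any bank's or platform's code) of what the issuing side would need: a policy table mapping the two transaction classes to an alphabet and length, a generator that draws from the OS CSPRNG, and a classifier that tells which rule applies from the code's shape alone. The names `OTP_POLICY`, `generate_otp`, `entropy_bits` and `classify_otp` are my own. One check a practitioner would want is also included: a 4-letter code carries slightly less entropy than a 6-digit one (4 × log2 26 ≈ 18.8 bits vs 6 × log2 10 ≈ 19.9 bits), so 6 letters (≈ 28.2 bits) is the safer choice at the top of the proposed range.

```python
"""Format-differentiated OTPs: digits for payments, letters for identity/hand-over.

Added example; the policy table and function names are assumptions, not any
real provider's implementation.
"""
import math
import secrets
from typing import Optional

DIGITS = "0123456789"
LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Hypothetical policy: transaction class -> (alphabet, minimum length, maximum length).
# Financial OTPs are digits only and fixed at 6; non-financial OTPs are letters only.
OTP_POLICY = {
    "financial": (DIGITS, 6, 6),
    "non_financial": (LETTERS, 4, 6),
}


def generate_otp(kind: str, length: Optional[int] = None) -> str:
    """Generate an OTP for the given transaction class using the OS CSPRNG.

    secrets.choice picks uniformly from the alphabet, so there is no modulo bias.
    Defaults to the longest length the policy allows for that class.
    """
    alphabet, min_len, max_len = OTP_POLICY[kind]
    length = max_len if length is None else length
    if not min_len <= length <= max_len:
        raise ValueError(f"{kind} OTP length must be {min_len}..{max_len}, got {length}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet: str, length: int) -> float:
    """Bits of entropy in a uniformly random code of `length` symbols over `alphabet`."""
    return length * math.log2(len(alphabet))


def classify_otp(otp: str) -> Optional[str]:
    """Return the transaction class an OTP's format signals, or None if it fits neither.

    This is the mechanical version of the awareness message: all digits means
    'you are authorising a payment'; all letters means 'you are only proving
    who you are'. Mixed or odd-length codes match no rule and are rejected.
    """
    for kind, (alphabet, min_len, max_len) in OTP_POLICY.items():
        if min_len <= len(otp) <= max_len and all(c in alphabet for c in otp):
            return kind
    return None


if __name__ == "__main__":
    for kind in OTP_POLICY:
        code = generate_otp(kind)
        alphabet, _, _ = OTP_POLICY[kind]
        print(f"{kind:14s} {code}  ({entropy_bits(alphabet, len(code)):.1f} bits)")
    for sample in ("873249", "SHYZ", "KDYSHT", "87A249"):
        print(f"{sample:8s} -> {classify_otp(sample)}")
```

The classifier is deliberately strict: a code mixing letters and digits matches neither rule, which is exactly the situation the proposal wants to eliminate, since a recipient cannot tell from such a code which advice applies.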
Once this is done, communication and awareness around these two types of OTP must come from all stakeholders, not just digitally-savvy family and friends but also banks, online shopping platforms, government agencies and the like.