Are we ready for a world without OTP?
The amount of currency in circulation with the public grew almost 50 per cent in FY15-16, starting around the same time as now last year, the festive season. It made for front page business news!
ATM withdrawals showed a spike, "plastics" (cards) were the real show-stealer. Spends indicated a doubling in the last few years.
Partly, but not insignificantly so, because folks have got only too used to the three-letter word OTP (one-time password). It has become part of everyday lexicon, tripping off our tongues and running off our fingers with ease in our mad dash to get the "best deal" online.
This is on account of two reasons: (a) The user interface and overall end-to-end experience provided by banks, telcos and merchants has become smoother, faster and more reliable (b) the trust and safety factor has been built up within the payments industry and user community in the last few years, giving confidence to stakeholders.
(This is in spite of the fact that the two-factor authentication in its current dispensation is not the most elegant method.)
But has the almost ubiquitous OTP now run its course?
While we are exhorting consumers to transact digitally, the process is just not smooth enough. On the other hand, how do we get merchants to accept "cashless-ness" or go digital with the idea if the process and infrastructure is klunky and time-consuming, compared to current methods.
Is there a path to frictionless payment? Thus facilitating a move away from excessive dependency on cash and ATMs? There are a few ways.
Firstly, there has been a distinct change online (including mobile), where credit card users can leave "standing instructions" (SI) for small-value recurring-type payments. Typically, these are related to the insurance sector, top-ups for prepaid and DTH.
 |
| In today's world, there is a plethora (oversupply?) of payment options. (Photo credit: India Today) |
There are a few merchant-payment gateways (PG) issuing bank combinations which allow standing instructions such as "auto-debit" feature. The user just has to "agree" to "auto renewal" at the time of subscription or membership and it is automatically renewed at the time of expiry of the offer.
While you don't get an alert or notification for the transaction in advance, you get SMS intimation from your bank and email confirmation from the merchant service provider (payment gateway) on the transaction going through successfully.
You get a message: "Dear Customer, your Credit Card ending 1234 is debited for INR 199.00 on 07/10/16 for www.xyz.com. This is as per your instruction without additional factor authentication."
It is simple and straightforward. There is no OTP.
The online payment gateway should be compliant as per payment industry security norms to ensure overall safety of the card-holder's information through the entire cycle of "capture-store-forward".
Secondly, while this method is smoother, it’s not yet quite the elegant one-click of iStore or Amazon.
"1-Click", also called one-click or one-click buying, is the technique of allowing customers to make online purchases with a single click, with the payment information needed to complete the purchase having been entered by the user previously.
More particularly, it allows an online shopper using an internet marketplace to purchase an item without having to use shopping cart software. Instead of manually inputting billing and shipping information for a purchase, a user can use one-click buying to use a predefined address and credit card number to purchase one or more items.
Are we getting there?
The first step is to eliminate the OTP in non-recurring periodic transactions in the consumer payments space, the way it is done for SI. This is actually a fairly routine feature for digital media, content and e-commerce overseas.
This can be adopted with some first-mover help from "trusted" marketplaces, cab companies, ticketing, billing, content firms. And maybe with a little nudge from the regulator and savvy fintechs alike. An online news site or two has been quick off the block in implementing SI in India.
Thirdly, looking ahead at emerging technologies such as recent UPI, QR code, biometrics including palm vein, sound waves, block chain, mobile phone location, social media analytics, and even "selfies", all have the potential to "disrupt the disruptors". These emerging micropayment options though are yet to evolve into mainstream frictionless user experience.
Finally, in today's rough and tumble world of day-to-day payments, there is a plethora (over supply?) of payment options.
There are some great apps for mobile banking, money transfer and shop and pay. Then there are the old faithfuls viz net banking, prepaid cards, IMPS, wallets.
And lastly, the struggling to get off the ground, USSD. Which actually ought to be quite the default option for driving financial inclusion where network reach, signals and purchasing power are low.
All of these collectively ought to be able to make payments seamless both online as well as offline - to watch your favourite video or streaming service or news site or ecommerce site or pay at the kiranawala, corner shop and high-street mall.
One could "pay as you go" and your credit card or account would get debited with minimal hoops and jumps of authentication. No doubt the jury is still out.
In the time to come, be ready for a world without OTP.