Using WhatsApp for 2FA is the Future of Banking
- Jean Shin, Director Strategy and Content at tyntec
- 17.09.2020 05:00 pm Banking
From user authentication and password resets to transaction verification, two-factor authentication (2FA) offers basic but useful protection for consumers. The 2FA process typically sends the customer an SMS containing a one-time password (OTP). The OTP is entered alongside an existing username and password, confirming the user is who they say they are.
However, despite the critical security benefits that 2FA delivers, only 28% of consumers actually turn on the 2FA feature when it's available.
This predominantly happens because the 2FA process creates friction for the consumer. While SMS offers great convenience and global reach for businesses, relying solely on texting to deliver OTPs is costly and can create security risks, including 'smishing', exploits and delivery failure.
With the increasing use of messaging apps, WhatsApp is an excellent alternative to SMS. WhatsApp can sidestep these issues and act as a great alternative or complementary OTP delivery channel.
Here's why we believe WhatsApp is a better option for 2FA:
Encryption is standard
The world's number one messaging app offers end-to-end encryption. Unlike SMS, messages sent over WhatsApp are encrypted at every step of the process, from the end user’s device to the business (and the other way around), in transit and at rest.
By integrating the API right into any authentication solution or business flow, businesses can leverage WhatsApp’s encryption technology while providing a frictionless experience that over 2 billion people love using on a daily basis.
More consistent delivery
Delivering OTPs via SMS relies on the consumer having access to a cellular signal. That's not great for those who may be in an area with patchy coverage or for people on overseas trips who don't have international roaming. WhatsApp messages can be received over both cellular and, crucially, Wi-Fi.
Also, by using a 2FA template pre-approved by WhatsApp, businesses can easily trigger authentication incidents to protect their customers throughout the customer journey.
The Indonesian commerce company Tokopedia deployed WhatsApp as one of its one-time password channels and achieved a 58% higher delivery rate than SMS.
Proven to boost trust
SMS has a credibility issue: how should a consumer know if the SMS they've received is really from a company, not a scammer? While 'senderID' can be deployed by a business to show a text is authentic, this is dependent on mobile operators who may or may not support the functionality. This creates logistical headaches and seriously worries consumers.
WhatsApp does not have this problem. WhatsApp verifies every Business Account and displays the WhatsApp green checkmark badge right next to the business name, providing end users with peace of mind and raising conversion rates.
Failsafe fallback
Let's not write off SMS entirely though. While WhatsApp is the world's most popular messaging app with over 2 billion monthly active users, there are still countries where penetration is low, so SMS may still be required.
That's why SMS can be deployed as a fallback if a consumer doesn't use the chat app.
Bigger than just OTP
Offering enhanced security for consumers is only part of a much bigger WhatsApp-powered CX picture. For example, Banco Azteca in Mexico stopped using SMS to deliver OTPs to customers opening a new account and replaced it with WhatsApp. This switch boosted new account rates by 30% a month.
Such a dramatic increase saw the bank adopting WhatsApp-driven services across its entire range of offerings from money transfers, balance checks and airtime purchases through to initiating loans; the latter has led to a 10% increase in loan application conversion rates plus an overall boost in customer satisfaction rates to 93%.
Easy to get started
The process of adopting WhatsApp can be simplified by teaming up with an official WhatsApp Business Solution Provider. Providers like tyntec manage the entire onboarding process from the WhatsApp Business Account creation to generating customizable message templates for OTPs.
Additionally, for the European market, it’s particularly important to work with a solution provider that is GDPR compliant by default and has data centres in Europe reinforced by secure data processing and transmission so that businesses and their customers can be sure their transactions are secure.