• sms broadcast, sms blast, sms otp, sms masking, sms LBA, sms marketing, sms gateway, sms promo


One-Time Password (SMS OTP) is a technological mechanism through which a single-use password is generated and sent to the registered mobile number for the user to access the website. It is also known as two-factor authentication. Products like Google for Work, Paytm, and internet banking portals often use the SMS OTP mechanism to ensure the authenticity of the user and prevent identity thefts.

Online identity theft is a severe problem. Statistics from Identity Theft journal reveal that every year around 15 million people in the United States become a victim of identity theft and face a collective loss of $50 billion. Around 100 million Americans become vulnerable due to data thefts from the government or corporate databases.

Adopting the use of sending SMS OTP to verified users to access a specific site improves security, who otherwise could be vulnerable to phishing and keyboard logging activities. SMS OTP lends an additional layer of security to protect the digital identity of the end users.

Steps in the SMS OTP Process
Let us understand this in layman terms. There are as many mobile handsets in the world as the number of human inhabitants. In mobiles, SMS is a core functionality, and a mobile device is assumedly always with the owner.

When users create a digital asset or an account, they are prompted to enable the two-factor authentication system, apart from the usual username and password. Next time when the user tries to login, the system sends the temporary password (either four or six digits) to the registered mobile handset, and the user punches the code into the system. The code is a random series of numeric and alphanumeric characters. These SMS OTP’s are usually valid for a certain number of minutes. The information
flow works like this:

? User enters the username and password
? Request sent to backend
? Username and password matched
? User receives OPT via SMS
? User enters OPT and login to the site
…that’s it!

Let us go a step ahead and understand the two processes that happen before the SMS OTP is authenticated. These are Generation and Delivery. In the Generation process, the SMS OTP is created either based on time or through a mathematical function. In the time-based generation, the device is in sync with the authentication server to create a time-based SMS OTP.

In the second one, a mathematical function is invoked to generate the SMS OTP. In the Delivery process, SMS is the commonest of ways due to the extensive adoption of mobile phones. If the SMS OTP fails to deliver, the user immediately has the option to receive the code through the auto-generated IVR call. Implementation of SMS OTP SMS is the best way to protect enterprise data.

Features of SMS OTP
There are three characteristics of SMS OTP, which makes it a viable option for global leaders and tech giants to implement and ensure data safety. These features are secured access, simple infrastructure, and swift delivery. The whole cycle of SMS OTP begins and ends in a couple of seconds. Via SMS OTP SMS, the users receive four or six digit codes. Apart from the SMS system, users also receive the SMS OTP through IVR, or it can be generated by the consumer and delivered via SMS.

The SMS OTP is the prime way of authenticating bank transactions. Whether a user is logging in to access the account or transferring money, an SMS OTP is generated and verified to begin the next step. Banks like ICBC (China), OCBC (China), Commercial Bank of

Dubai (UAE), ICICI (India), Standard Chartered and Citibank employ secure SMS OTP SMS protocols. ICBC and OCBC have physical hardware to generate the code, Citibank has both SMS OTP and PIN to perform a transaction, and ICICI uses a combination of SMS OTP and security grid layer on the card of the accountholder to proceed.In countries like Australia, North America, and Europe, the SMS OTP method is used via SMS or IVR to deliver the code. Does SMS OTP SMS have any Vulnerabilities?

Presently, it is an ultra-secure way because users have complete ownership of their mobile handsets. If users lose the handsets, no transaction can happen unless the SIM is reported and replaced by the telecom provider.  BroadNet  maintains a secure and safe infrastructure to protect client data from any privacy breaches. The bulk SMS service, and other telecommunication and IT services are protected by strong security protocols. Endnote

SMS OTP SMS is a secure way to access and perform online transactions on any enterprise website from any industry. 

This post is a response to Here's Why SMS OTP Marketing is Literally the Worst Idea Ever.

One new text. Maybe it's that cute boy you've been talking to in chem class. Maybe it's your boss wanting to congratulate you on your performance. Or maybe, just maybe, it's an irresistible text offer from your favorite retail chain. What's the first thing you do? Open it, duh. If you swipe left and delete the message before even reading it -- well kudos to you, you're a borderline extraterrestrial. Personally, I can't remember the last time I didn't open a text message, and I'm sure you can agree.

Here's a little bit more about SMS OTP marketing and proof to back up my bold claim.
It's not spam.

SMS OTP messaging follows the rules of permission based marketing. It's 100 percent opt-in based. Simply put, customers have to give their expressed consent before receiving SMS OTP messages. This can be done in one of three ways. New subscribers can double opt-in¹ via web widget, add their cell number to a compliant sign-up form or text to join. The latter is the most common. After opting in, the new subscriber will receive an auto reply confirming their subscription. If the opt-in was accidental, they can simply reply STOP, and all messaging will cease.
Everyone reads texts. 

Ok, well almost everyone -- 90 percent of all text messages are read within three minutes of being received. This isn't just a fluffy statistic. Recent research gathered by Dynmark.com also suggests that "almost one third of of those targeted with SMS OTP advertising campaigns respond to the correspondence; with almost half of this group going on to make a purchase." This research totally speaks for itself. And yes, U.S. citizens can register with the do not call registry, but this has nothing to do with the sending and receiving of SMS OTP.

In the article cited at the beginning of this post, the author boldly claims that "a major chunk of the population is already registered with the DND." First, there is no clear statistical research backing up this assumption. Second, in the U.S., the Do Not Call registry protects consumers from just that -- unwanted calls. It's designed to prevent telemarketers from harassing consumers. This has absolutely nothing to do with text messaging. Now, if for some reason you do find yourself receiving unwanted text messages, you can file a complaint. But, knowing the permission-based nature of this marketing method, you may never confront this issue.

Character limitation forces marketers to get right to the point.
There is a 160 character limit on text messages. With SMS OTP, it's simply about providing an irresistible offer. There's no point in droning on and on with a 300-word marketing message. Subscribers are opting in to receive an exclusive offer, not to hear about how your day is going. Our current digital age rewards simple marketing messages with easy to understand calls to action. The 160 character limit on SMS OTP messages is actually ideal.

Now, just like with any other marketing method, can SMS OTP sometimes come off as obnoxious? Absolutely. But so can Facebook, direct mail, pay-per-click ads, and so on. It's not necessarily the channel, but instead the quality of the message and offer.