We all now use one-time passcodes (OTPs) to verify our identity online.
In the last few weeks, I’ve personally received OTPs from Amazon, Apple, Google, the UK Driving Licence Authority, my pension provider, payments app Yotta, National Savings and parking app Ringgo. Some OTPs were sent to me in text (SMS) messages, others arrived via email.
Identity authentication online using OTPs is much safer than using a single piece of information like a password. But OTPs are not safe, for a number of reasons.
In the latest episode of “Unseen Money” from New Money Review, security researcher Timur Yunusov and I discuss some recent scams that involved stolen OTPs—from a $2m theft from the family of a Moscow teenager to an industrial-scale carding operation in China.
Our story covers the security of mobile networks, tech giants Apple and Google, the business models of criminal masterminds and bagfuls of stolen phones shipped around the world.
*************
The New Money Review podcast brings you the best minds from the world of money.
From economics to payments, financial markets, technology, law, digital assets, crime and fraud, you’ll find an episode that interests you.