Share :
Introduction
The "end of SMS OTP" has been much heralded in recent years. And with good reason: the European DSP2 directive, the rise of Fintech and the emergence of new authentication methods have called its effectiveness into question. However, the SMS OTP (One-Time Password) is far from having completely disappeared. In fact, it continues to play a key role in many use cases and payment types.
What are the authentication rules for online payment?
PSD2 (Payment Services Directive 2) came into force in 2019, with a key component: strong customerauthentication (SCA). This obligation requires 2 of the following 3 factors to validate a transaction:
- Something I know (e.g. a password)
- Something I own (e.g. a telephone)
- Something I am (e.g. a biometric fingerprint)
SMS OTP only ticks two out of three criteria. It therefore remains partially compliant, but not sufficient on its own for payments requiring strong authentication.
SMS OTP can always be used as a complement to strong authentication or outside the DSP2 perimeter, depending on the case.
When is SMS OTP still used?
Despite being phased out for regulated payments, SMS OTP is still relevant in many cases of two-factor authentication:
Secure access (excluding payment)
- Access to a customer portal or corporate intranet
- Connection to a SaaS or CRM tool
- Authentication to a remote system or VPN
- Validation of password or email change
Services not directly covered by PSD2
- Validating account creation
- Electronic signature
- Confirmation of personal data modification
- Phone number verification
- User account reactivation
Online payment (in certain cases)
- Transactions under €30 (exempt from SCA)
- Payments with SCA exemption accepted by the bank
- Payments outside the European Union or via players not covered by PSD2
- Payment validation via professional virtual cards, often used in SaaS tools such as Spendesk, Pennylane or Qonto. In these cases, SMS OTP provides an additional layer of security, while meeting minimum authentication requirements.
Why is SMS OTP still a useful tool?
| Advantages of SMS OTP | Limits |
|---|---|
| Universal (no need for third-party applications) | Less secure than biometric methods |
| Easy to deploy on the corporate side | Can be intercepted by SIM swap attacks |
| Used in concrete business contexts, such as purchase validation via corporate virtual cards (Spendesk, Pennylane...) | Dependent on mobile network |
| Haute délivrabilité (plus de 97% reçus <1min) | — |
The smsmode point of view©
At smsmode©we believe that SMS OTP is not obsolete, but in the process of being reconverted. It remains a useful security tool, provided it is used properly, particularly in :
- where simplicity of integration takes precedence;
- where the user does not have a dedicated app (banking app, authenticator, etc.);
- or for additional means of verification.
Our dedicated OTP infrastructure guarantees fast, reliable delivery (SLA >98% in under a minute).
How smsmode© can help you
By choosing the SMS OTP solution from smsmode©, you benefit from:
- 🎯 A dedicated channel for sending OTP or the payment link
- 🔒 24/7 deliverability monitoring
- ⚡ Guaranteed immediate reception rate
- 💬 A support team to help you integrate
Use cases covered :
- E-learning portals
- SaaS business tools
- Secure remote connection
- Audit of accounts receivable
Try out our SMS platform and benefit from 20 free test credits, with no obligation.