May 13, 2025 - 5 min read

Using SMS OTP for online payment

Introduction

The "end of SMS OTP" has been much heralded in recent years. And with good reason: the European DSP2 directive, the rise of Fintech and the emergence of new authentication methods have called its effectiveness into question. However, the SMS OTP (One-Time Password) is far from having completely disappeared. In fact, it continues to play a key role in many use cases and payment types.

What are the authentication rules for online payment?

PSD2 (Payment Services Directive 2) came into force in 2019, with a key component: strong customerauthentication (SCA). This obligation requires 2 of the following 3 factors to validate a transaction:

SMS OTP only ticks two out of three criteria. It therefore remains partially compliant, but not sufficient on its own for payments requiring strong authentication.

What the regulations say:

SMS OTP can always be used as a complement to strong authentication or outside the DSP2 perimeter, depending on the case.

When is SMS OTP still used?

Despite being phased out for regulated payments, SMS OTP is still relevant in many cases of two-factor authentication:

Secure access (excluding payment)

GOING FURTHER

Best practice guide: SMS 2FA

Services not directly covered by PSD2

SUCCESS STORY

Oodrive dematerializes the signature with SMS OTP and improves its customer experience

Online payment (in certain cases)

Why is SMS OTP still a useful tool?

Advantages of SMS OTP	Limits
Universal (no need for third-party applications)	Less secure than biometric methods
Easy to deploy on the corporate side	Can be intercepted by SIM swap attacks
Used in concrete business contexts, such as purchase validation via corporate virtual cards (Spendesk, Pennylane...)	Dependent on mobile network
Haute délivrabilité (plus de 97% reçus <1min)	—

The smsmode point of view^©

At smsmode^©we believe that SMS OTP is not obsolete, but in the process of being reconverted. It remains a useful security tool, provided it is used properly, particularly in :

Good to know:

Our dedicated OTP infrastructure guarantees fast, reliable delivery (SLA >98% in under a minute).

How smsmode^© can help you

By choosing the SMS OTP solution from ^smsmode©, you benefit from:

GOING FURTHER

Pay By Link: send a link by SMS and boost your sales

Use cases covered :

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

Need more info?

We look forward to hearing from you.

SMS OTP AUTHENTICATION

COMPARATIVE
2FA or SSO?
The ultimate access security comparison

- PDF AVAILABLE IN ENGLISH AND FRENCH -

Do you choose 2FA/OTP or SSO to secure access to your services? By SMS, email, tokens or push notifications?

In this comparison, we analyze each method to help you choose the solution best suited to your needs, with the right balance between security, simplicity and cost.

Download the comparison

Need more info?

We look forward to hearing from you.

ASSURTECH

How to make authentication more accessible with voice OTP?

Experts in health and provident protection solutions, CNP Assurances Protection Sociale needed a voice solution to secure account creation and connections to extranet, customer site or customer area-type sites, for users with a rather high average age, and in compliance with accessibility requirements.

For this voice MFA requirement, the Front-end team was looking for a text-to-voice solution that could include a variable part corresponding to the OTP code to be entered in the web interfaces.

Download the use case

The SMS TTS solution enabled them to achieve the following results:

Universal distribution

The voice channel enables the temporary code to be addressed both on a mobile/smartphone AND on a landline.

Optimum accessibility

Voice OTP meets the need to include users who don't have a cell phone or who can't read text messages.

Proven use

Representing around 6% of OTPs sent, the use of voice OTPs is higher than initially estimated.

Enhanced security

Enabling multi-factor authentication increases the overall security of services.

Find out in detail how the smsmode voice OTP^© has enabled CNP Assurance to offer authentication for more direct, personalized and efficient interactions.

Download the use case

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

March 15, 2025 - 3 min read

smsmode^© is a member of the GSMA

Elsa Paparone

Introduction

Since 2019, smsmode has been a member of the GSMA: the leading association in the mobile sector.

Associate membership is open to companies belonging to the mobile ecosystem. This includes mobile device manufacturers, software companies, internet and other equipment manufacturers, but also organizations from other sectors such as finance, medical, media, transport and services.

The GSMA and smsmode^©

The GSMA or GSM Association represents nearly 800 cell phone operators and manufacturers in over 220 countries worldwide.

Being part of this large organization allows us to work on projects that are shaping the future of mobile messaging and SMS , and to further establish ourselves as the French leader in the field of A2P communication.

Being a member of the GSMA also gives you access to the opportunity to build strong business relationships with a panel of over 750 industry members, from operators to vendors - in short, the entire mobile digital ecosystem.

We're very proud to be part of this new adventure within such a structure, alongside leading players in the field such as Orange, Huawei and Samsung!

View smsmode profile^©

WHITE PAPER

Product overview smsmode^©

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

Need more info?

We look forward to hearing from you.

March 03, 2025 - 3 min read

smsmode^© combating smishing

Romain Didelot

Introduction

Faced with an ever-increasing number of cases of smishing, the authorities, operators and telephone aggregators have decided to take action. New rules have been introduced to protect telephone subscribers from costly SMS scams. The most important: strict control of Sender IDs (customized transmitters). smsmode^© has decided to go one step further in prevention, by filtering the common point of 95% of phishing attempts via SMS : The URL contained in SMS. Find out why smsmode^© is committed to and what this means for you, our service users.

What is smishing?

Smshing, smishing or SMS phishing is a phishing technique via SMS. It's a scam that works like email phishing, but from a telephone number. A cybercriminal attempts to extract personal or banking information, or money directly, from the recipient of a SMS message, using the identity of a brand or government service (bank, parcel delivery service, CPAM, Ameli or any other well-known brand).

In 95% of cases, this fraudulent SMS contains a URL that redirects victims to a website that looks as similar as possible to that of the organization purporting to be the sender, in order to inspire confidence. Victims are then asked to enter their bank details in order to withdraw a sum of money, sometimes on a recurring basis.

In other SMS phishing attempts, the fraud consists of offering to download an application "update", which is in fact a copy of a trusted application, acting as a spyware malware on the phone.

In some rare, but increasingly common, cases, scammers invite you to call a number so that an accomplice on the other end of the line can obtain your information.

Scammers redouble their efforts to incite the victim to action, the supposed sender of the fraud is always a very serious company or a critically important service, and by creating a sense of urgency in the victim.

Example of smishing

35780

HEALTH INSURANCE: Your new card is now available.

Fill in this form to stay covered: http:gros.spam.c

35780

Pole Emploi: Your CPF balance is available.

Protect it before XX or it will be lost: http:encoreduspam.c

Phishing on the rise at SMS

Since the beginning of the year, French mobile subscribers have been subjected to a large number of smishing attacks. Operators and the AF2M (Association française pour le développement des usages Multimédia Multi-opérateurs) have noted an explosion in fraud. Top of the list: CPF scams, social fraud under the name of Ameli or CPAM, banks, Amazon or Chronospost deliveries requiring postage...

The trend has really taken off in recent months, to the point where French operators and aggregators, in consultation with AF2M, have decided to introduce new rules for sending SMS Push (A2P).

The new rules introduced by operators

All stakeholders (French operators, AF2M, A2C*, aggregators, etc.) have agreed to change the rules for sending SMS, in order to protect the identity of "sensitive" brands likely to be used, and guarantee greater security for mobile users.

The committee's key measure is to restrict the use of OADCs (Sender IDs), otherwise known as personalized senders. All senders of so-called sensitive brands, or those resembling a sensitive brand, are banned, a priori.

Similarly, overly generic Sender IDs such as " SMS Info" are prohibited.

To ensure the implementation of these measures, aggregators SMS, smsmode^© in particular, have implemented a series of filters and an artificial intelligence system to whitelist or blacklist OADCs.

*Association of Independent CPaaS and CCaaS Players

What about Sender Ids for real "sensitive" brands?

It goes without saying that "sensitive" brands retain the right to use their name and its variations as a personalized transmitter. To ensure this, each aggregator is asked to provide operators with a list of authorized issuers, as they belong to the brands they represent. This authorization takes the form of a letter/form, addressed to the operators and signed by both parties, giving the subcontractor authorization to use the Sender ID(s) of the brand concerned.

Once unlocked, the brand's outsourced platform can route messages without SMS being stopped by anti-spam filters.

To ensure maximum security for users, and to be proactive with regard to the real problem of phishing via SMS, smsmode^© has decided to go one step further.

Our findings: the overwhelming majority of SMS phishing attempts use a URL to redirect potential victims to a fraudulent site to capture information.

smsmodeFor this reason,^© has implemented additional filters, specifically for URLs, to guarantee its customers a secure SMS experience.

What's new for you, our customers

Sender ID changes:

Rest assured, the personalized sender is still part of ^smsmode©.

To continue using your Sender ID, the first step is to have your account/organization validated by our services. You can then provide us with the list of Sender IDs you wish to use for your SMS campaigns.

If you have an organization (a parent account with multiple sub-accounts) and you pass the validation process, all your sub-accounts will be automatically validated.

Once your account is validated, you will be able to use the Sender IDs of your list. If however you send a message with an unknown sender, not included in your list of predefined senders, the message will not be sent and will be in error (visible on your space).

If your account is not validated, you will not be able to customize your Sender ID. If you attempt to do so, your sender will be overwritten and replaced by the default OADC (a shortcode in most cases).

This new mechanism has been added to all our services.

FOR COMPREHENSIVE SUPPORT

Our subscription packages

URL changes :

To be able to continue integrate URLS into your SMS campaignscampaigns, we invite you to let us know which legitimate URLs you wish to send in France by sending your list to smsmode

All messages containing unverified URLs will be blocked by our platform.

Will these new rules be enough to stop smishing?

These protective measures are useful in protecting the A2P market, as they are able to guarantee that no fraud or scam will pass through a reputable aggregator as smsmode^©.

On the other hand, most smsishing traffic is sent via low-cost or gray routes (using standard SIM cards), where the SMS is sent by an 06 or 07 number, without Sender ID. This type of filtering is therefore not possible.

According to AF2M, 98% of smishing attempts reported to 33 700 come from illegal routes (gray routes or SIM farms).

On this subject, the ball is in the court of the operators, who must fight against these illegal routes that serve the market. Of course, ^smsmode© does not use any grey routes.

However, a solution to this problem has already been found by the operators. In future, dialogue between brands and customers will only take place on numbers beginning with 09. A radical solution that should make smishing a thing of the past.

Conclusion

These measures may seem restrictive, but they are really necessary to (re)establish a climate of trust within the A2P SMS . Choosing a partner who is committed to fighting fraud, has a direct connection with operators and doesn't use any grey routes, is becoming increasingly important. The SMS Push market is also moving towards more and more controls on the URLs used to limit the performance of these fraudulent marketing campaigns, so it seems imperative to turn to a partner who allows you to control the senders and be in good standing.

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

Need more info?

We look forward to hearing from you.

FINTECH

How can SMS be used to secure banking transactions?

Download the use case

Leetchi, the French pioneer in online kitty services since 2009, is the perfect partner for birthdays, farewell parties, weddings and solidarity causes.

The replatforming of their services in 2023 has necessitated the adoption of a reinforced identification method, whether for account creation or bank transfers.
This new KYC -Know Your Customer- relies in particular on the verification of the mobile number via the sending of an OTP by SMS.

Leetchi has integrated SMS OTP via API into its identity verification processes.
This dual authentication has made it possible to achieve :

A high level of safety

Double authentication is a key measure to comply with the level of security required in the regulated sector of participatory finance intermediaries.

Verified identity trails

These identity collection and verification processes - including e-mail and SMS - have led to an increase in the number of profiles verified.

Maximum accessibility

With its open rate and coverage, SMS remains the most universal and direct channel (particularly for the Leetchi app).

Find out in detail how Leetchi offers secure transactions with more direct, personalized and efficient interactions.

Download the use case

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

July 17, 2024 - 5 min read

The use of SMS in Fintech

Elsa Paparone

Introduction

Fintech, the fusion of finance and technology, is disrupting the traditional banking sector through technological innovations. Among the solutions used by this sector, the strategic use of mobile messaging is a powerful tool for improving protection, communication and customer experience. Find out how finance companies are integrating short messaging to build strong relationships with their customers and protect their data.

SMS to streamline banking operations

Short Message Service plays an essential role in strengthening interactions within start-ups and innovative banks. As a direct and instantaneous communication channel, it enables companies to communicate effectively with their customers. From payment or contract reminders to transaction notifications, messages are of paramount importance in keeping customers informed in their financial activities. Many companies in the innovative banking sector, such as microcredit specialist Finfrog, use our solutions on a daily basis.

Text messaging is also a channel that greatly simplifies financial processes. By providing users with instant access to their financial information, SMS speeds up all interactions.

Whether for :

SUCCESS STORY

How does Leetchi secure its banking transactions with SMS ?

Our sending solution, also available via API, can help you reduce barriers to accessing financial services. By eliminating delays, oversights and friction, messages improve the fluidity of banking operations.

Security: the pillar of financial platforms, supported by the SMS

Beyond its communication function, the short message is a strategic protection tool that is particularly effective in the financial sector. It can be found in many different situations.

Two-factor authentication (2FA)

Users receive a unique authentication code (One Time Password) by SMS which they must enter in addition to their password to access their account. The 2FA by SMS adds an extra layer of assurance by verifying the user's identity, and blocks over 99.9% of account compromise attacks.

COMPARATIVE

Sensitive access security: 2FA or SSO?

Transaction confirmation

This well-known method for online payments has been replaced in Europe by 3D Secure, but is still widely used by online financial platforms generating virtual cards. When large payments are initiated, a SMS OTP is sent to the account holder to confirm the transaction and prevent fraudulent transactions.

Electronic signature

The One Time Password is very useful in electronic signatures, as it provides a legal guarantee of the signatory's identity and the integrity of the signed document. An OTP is generated for 1 signatory and 1 contract. The signatory re-enters this code received by message on the contract. This action is the legal basis of consent for a remote signature.

Suspicious connection alerts

If a suspicious connection is detected on a user's account, an alert message is sent to inform the user and enable them to take rapid action to secure their account.

Notification of an important change to the account

If a user changes their password or personal data, a short message can be sent to confirm the change. This ensures that the account holder is aware of any changes to their information.

Balance or activity alerts

Customers can receive alerts to be informed in real time of any activity on their account, such as a large payment or a change in balance.

Password reset

This is a more secure alternative to sending a password reset link by e-mail. A telephone number is a better guarantee of identity than an e-mail.

Identity verification for customer support

When a user contacts customer service with account-related questions, an identity verification message may be sent to ensure that the user is the account holder.

This extra layer of protection guarantees the confidentiality and security of transactions and sensitive data. Messages thus become a reliable shield, helping to build trust among users of online financial services.

GOING FURTHER

All you need to know about SMS for banking security

Understanding dual authentication ? How to deploy an authentication process? Which technologies and methods?

SMS for customer experience in Fintech

The use of mobile messaging in online financial platforms also offers other significant functionalities for improving the user experience. Here are just a few of them!

Personalization and proximity

Thanks to customizable variable fields and segmentation of the contact base, mobile messaging allows you to play the proximity card effectively. This is particularly valuable in the banking sector.

By tailoring messages to users' profiles and preferences, companies canstrengthen ties and create a unique experience for their customers. This personalization generates a sense of appreciation and involvement that helps build a solid climate of trust.

SUCCESS STORY

How does CNP Assurances make authentication more accessible with voice OTP?

Proactive information

With its record open rate, text messaging is the perfect channel for notifying and informing, with the assurance of being read. Companies can therefore take a proactive approach by sending out information on new offers, policy changes and more. It's an excellent way for a brand to demonstrate its commitment to transparency and customer satisfaction, while sparing them any unpleasant surprises. This strategic approach strengthens loyalty and guarantees a positive experience.

Mobile messaging as a financial education tool

It can also be a good channel for an educational approach. Banking companies can provide their customers with information and advice tailored to their specific needs throughout their investment journey. This approach makes it easier to assimilate financial concepts and encourages informed decision-making.

Consumers can also be guided through these learning stages by a chatbot SMSThe short message becomes a strategic awareness-raising tool, leading individuals towards greater control of their financial situation and loyalty to your solution. The short message becomes a strategic awareness-raising tool, leading individuals towards greater control of their financial situation and loyalty to your solution.

In addition, they can include links to reliable external resources, such as government articles or reference guides on financial management. This strategy enables users to deepen their knowledge and acquire the financial skills essential for using banking products.

GOING FURTHER

Optimized customer relations in Fintech.
10 tips for notifying and building loyalty with SMS

In this guide, identify the touch points where SMS improves the customer experience.

SMS in the banking sector: driving behavioral change

The use of mobile messaging in this specific sector is therefore not limited to distributing information or validating payments, but also encourages responsible financial behavior. The short message encourages users to put what they've learned into practice, using all the available functions. These include budgeting, financial balance sheets and savings planning. Periodic reminders and financial tips delivered by message act as catalysts for positive action. This encourages consumers to take concrete steps to improve their financial well-being. In this way, the mobile medium becomes a driver of behavioral change, transforming financial empowerment into an interactive and dynamic process.

In conclusion, the strategic integration of Short Message Service into the financial innovation industry has opened up new perspectives for security, customer experience and communication. By using it in a targeted way, financial companies are at the origin of a virtuous circle that leads customers and companies to success.

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

Need more info?

We look forward to hearing from you.

June 28, 2024 - 7 min read

2-factor authentication, the security solution

Romain Didelot

Introduction

Security on the web is an issue for everyone. Protecting your company's sensitive information, and that of your customers, is a vital task for which the simple duo of login and password is no longer sufficient. The compromise of a single credential can lead directly to the success of a cyber attack. For this reason, dual authentication is the ideal tool for securing connections. Find out why 2FA (two-factor authentication) is so essential to protecting your business, and why the SMS OTP (one-time-password) is the best way to implement double verification.

What is two-factor authentication?

Double authentication, commonly known as 2FA or two-step verification, is a method of protecting a personal account by means of a second identification step, usually a code called an OTP, or verification number, sent by message with maximum priority and valid for a few minutes. This code, received on your cell phone via your telephone number, can also be sent by authentication software such as Microsoft Authenticator or Google Authenticator, by push notification or by e-mail.

Information

2FA by SMS lets you manage OTP code generation on your own. This gives you complete control over code creation, validity times and the security of the entire authentication system.

This method enhances web security by adding an extra layer of protection against unauthorized access: the recipient's telephone number.

Dual authentication differs from multi-factor authentication in the number of elements used. With MFA (Multi-factor authentication), three elements are used:

COMPARATIVE

Sensitive access security: 2FA or SSO?

What are the authentication factors?

Multi-factor authentication is divided into 3 distinct proofs of identity corresponding to 3 validation steps:

In practical terms, on an online account, logging in with a username and password is the first trigger. The second is the smartphone in your possession, to which the SMS OTP is sent, a text message containing the code to be typed in, proving that the phone is indeed yours.

GOING FURTHER

All you need to know about SMS for 2FA

Understanding dual authentication ? How to deploy an authentication process? Which technologies and methods?

Use cases of the 2FA

While this method is well known for validating online payments (still in use in Europe until the introduction of DSP2 regulations), it is becoming increasingly popular for other applications:

Examples of security request messages :

[SenderID]

To access your account, please complete the two-factor identification by entering the security code sent to your device.

[SenderID]

To increase the security of your account, please configure 2FA authentication via SMS to reduce the risk of hacking.

NEED MORE EXAMPLES?

All our examples of authentication and electronic signature messages...

Why your company needs 2FA

A first factor - login or email + password - can easily be hacked.

Using two-step validation - on 2 separate devices - reduces the risk of cyber-attack, and limits the theft or loss of personal or business information.

An asset to enhance your customers' protection

Some people already use 2FA in their daily lives, to secure their online banking activities, clouds, shopping or email platforms, social networks or password managers. Being proactive in this field by offering your customers a solution that enhances their online security is bound to be an asset.

By introducing 2FA, merchants are helping to provide a secure experience that strengthens the customer relationship.

Users obviously want their online solutions to be simple and transparent, but that doesn't mean they'll tolerate security loopholes. The rise in fraud and the increased use of digital payments mean that an additional authentication solution is needed for sensitive information.

A real additional security barrier for your online business services

A simple password is no longer enough. Access to personal information by malicious individuals can be devastating, and most businesses are no better protected against cyber-attacks than private accounts.

A corporate email account can be compromised by phishing or identity theft, and become an entry point for stealing strategic information or even money. If a password can be reset by email, access to your platform is child's play.

Passwords already used elsewhere and made public can be used to access a business account. 73% of passwords are used for more than one account, which is just as many chances for a successful hack.

Two identification factors: the solution to 99.9% of your security problems

Many attacks can indeed be thwarted by training employees in cyber security, using strong, unique passwords or anti-phishing training. But this kind of process has a cost for companies, and we're all human, so we're all susceptible to inattentiveness. What's more, with the democratization of teleworking, connection to professional accounts outside the company is on the rise, increasing the chances of errors and therefore cyber-attacks.

SUCCESS STORY

How does CNP Assurances make authentication more accessible with voice OTP?

With two-factor authentication, you don't have to put the security of your business solely on the shoulders of your employees.

With 2FA, cracking or recovering a password will no longer be enough to gain access. This strong authentication gives you an additional security barrier that blocks more than 99.9% of account compromise attacks. ⁽¹⁾. Whether it's phishing, bots or leaking credentials to another site.

To avoid breaches, some organizations go so far as to do away with the traditional password, relying on the last two factors or using TOTP (a key that uses the time stamp to create a sequence of characters, shared by the user and a server).

The 2FA in figures

Why sending OTP messages is the best way to implement 2FA

Simple, agile, reliable, inexpensive and fast, SMS is the universal solution that everyone knows how to use.

2FA is certainly possible with an instant messaging application, push notifications or an authentication application, but you need to be sure that your employees or customers have these applications, or can afford them. Also, this type of solution relies on the security of the application used. So it's best to be sure of your partner.

SMS has the huge advantage of being natively present on all mobiles, and can be received by everyone, from the latest smartphone to the oldest mobile. There's no need to download, create an account on an application or pay for a package to benefit from authentication services.

Easy to set up, the cost of OTP can be adapted to your budget, making it applicable to everyone, from SMEs to major corporations. It enables you to reach all profiles without limiting your action to a single community, such as users of a single instant messenger or an external application that generates TOTPs (Time-based One-Time Password).

With SMS :

SMS is also ideal for password recovery. A third of all online purchases are abandoned because of a forgotten password, so providing your customers with a quick and easy way to recover their account can benefit you both financially and in terms of customer experience and brand image.

Why choose smsmode^© to implement 2FA

Two-factor identification is essential to secure access to web services, adding an extra layer of protection after the password has been entered.

Access to personal data must be fast and secure, so SMS must work every time.

With smsmode^©️, your OTP codes have priority. Our status as a telecom aggregator with ARCEP offers you :

Consumers and employees alike can't wait to receive their codes. Employees may become impatient and deactivate the 2FA system, putting themselves at risk. As for customers, they could also abandon their purchasing action for lack of codes, so getting them back is essential. This is why the 2FA method is important, as is the solution chosen to implement it.

REPORT

Digital security at smsmode^© ?

Discover our data protection and privacy measures designed with RGPD compliance in mind.

2FA with smsmode^© in 3 points

A telecom operator ARCEP

Recognized as a mobile service provider telecom operator with ARCEPyou benefit from direct connection to operators through the services smsmode^©. So you can be sure that we won't be using no roamingwhich offers a high quality And reliability for your send SMS OTP.

Personal data protection

In accordance with our agreement with the CNIL and our ISO 27001 & 27701 certifications, all data imported into our services is confidential, and we guarantee that our contact files will not be used by third parties.

A long-standing player in messaging

Since 2004the mobile messaging provider smsmode^©offers tools forsending and receiving SMS via API. The company is constantly improving the services it offers, and is looking forward to more than 10,000 customers for a volume of more than 100 million SMS sent per month.

Get a free demo

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

June 18, 2024 - 3 min read

Pay by Link: Send a link to SMS and boost your sales

Elsa Paparone

Introduction

Simplify your transactions by using a secure payment link inserted directly into your campaigns. Today we're going to explain what Pay by Link is, the benefits of this link-based payment system for your business, and how it complements the SMS channel. With Pay by Link, you'll never miss another opportunity to convert!

What is "Pay by Link"?

Pay by Link is an innovative payment solution that simplifies transaction management for businesses and consumers. This new payment method enables a company to send a payment link directly to the customer via SMS, e-mail or a messaging application (social networks). Customers can then settle an invoice or make a payment in just a few clicks, without having to connect to a specific website or banking application.

Why choose SMS as your communications channel?

As a reminder, the deliverability of SMS is far superior to that of its competitors, such as e-mail or social networks. For example, the average delivery rate of an e-mail is 85%, while the organic reach of Facebook publications is 5.5%. The SMS website, with an open rate of 98% and a response rate of 45%, offers an undeniable competitive advantage for effectively reaching your target. And these aren' t the only KPIs in which SMS stands out.

What's more, this communication medium is universal: compatible with all operators, regardless of subscription, phone model or installed applications. This makes it the most reliable way of reaching your customers when it comes to delivering crucial information, or substituting for a card, as with payment by links. The conclusion is simple:

Create links to expand your payment options. This new service also seems to be a solution for the future, as 62% of consumers under the age of 35 would like to be able to make their payments via SMS (source: getweave). A boon confirmed by the state of the SMS payment market. Boosted by the popularity of mobile use, e-commerce and consumers' growing expectations in terms of security, it looks set to have a bright future ahead of it.

STUDY

SMS trends and key performances

Find out more about our major study based on 745 million mailings SMS.

How does payment work? SMS

This new link-based payment technology works simply, quickly and efficiently.

1- When a customer needs to make a payment, the company generates a unique, secure link via its banking platform.

2- This link is then sent directly to the customer via the chosen means of communication (with the SMS smsmode API, for example).

3- On receiving the message, the customer simply clicks on it, and is redirected to a secure online payment link. They can check the transaction details, choose the service they wish to use to pay (credit card, e-wallet - Apple Pay or Google Pay, for example) and complete payment in just a few steps.

Once the action has been completed, the customer receives instant confirmation, as does the company.

Coupled with SMS, this payment management system reduces the risk of non-payment, cuts your costs and encourages your customers to pay via a simple, secure channel, with a read rate approaching 100%.

There are several payment initiation methods:

- Through a website and a code

The user is directed to a web page, where he or she is given a code to send back to the number indicated. They will then receive a message confirming their purchase, as well as access to their receipt (for show tickets, for example).

- By entering a telephone number directly on a web page

Users are encouraged to enter their telephone number on a web page. They then receive a code that they can use on the page in question (e.g., to purchase content online).

- Send an e-mail to SMS

The store invites the user to send a message to a specific number, which will send back the link to their receipt (donations, for example).

What are the advantages?

Pay by link offers a host of advantages that make it an attractive payment system for a company and its customers. Firstly, its simplicity and accessibility reduce friction in the payment process. Customers simply click on the link sent to them to access a secure payment page, eliminating the time-consuming need to navigate through complex websites or download specific applications. This convenience enhances the user experience, increasing customer satisfaction and loyalty. What's more, Pay by link allows greater flexibility for businesses, who can use it in a variety of contexts, such as invoice reminders, online sales, or service payments.

In terms of security, these payment links are often protected by advanced encryption protocols, ensuring that transactions are secure.

Finally, this method can speed up the sales and payment collection cycle, as it enables customers to pay instantly upon receipt of the link. In short, Pay by link represents an efficient and secure solution that facilitates transactions while offering an optimized user experience.

Use cases

From unclogging queues in your store and physical points of sale to streamlining collection processes, there are many real-life applications for this payment diversification technology:

GOING FURTHER

Learn more about SMS for security

Understanding dual authentication ? How to deploy an authentication process? Which technologies and methods?

Conclusion

In conclusion, Pay by link by SMS is positioned as a modern, efficient payment solution that meets the needs of a constantly evolving market. Companies adopting this technology will not only be able to optimize their payment processes, but also offer an enhanced customer experience, propelling their competitiveness and growth in an increasingly digitalized business environment.

Choose smsmode^© for your SMS pay-by-link

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

Need more info?

We look forward to hearing from you.

June 16, 2024 - 3 min read

Authentication via SMS with One Time Password (OTP)

Romain Didelot

Introduction

Reducing the risk of fraud without hindering users in their login or account creation processes is a concern for many companies. The most common method for ensuring user security within an application is verification at login, i.e. authentication. Several solutions exist, but how do you adopt the one that will be the most effective and secure, while minimizing costs?

What are the different forms of authentication at SMS ?

Simple authentication using SMS

Simple authentication via SMS allows the user to connect to an account without providing a username or even a password. Once the login address has been entered, an SMS OTP (One Time Password) is sent to the cell phone of users who enter the code to connect to the application. It's a fast and easy way to verify that you have a cell phone, so there's nothing to remember. However, the phone is the only authentication factor, which makes this method more fragile.

COMPARATIVE

Sensitive access security: 2FA or SSO?

Two-factor authentication (2FA)

Two-factor authentication via SMS is the most widely used method. It allows you to reinforce your existing security system while benefiting from easy and inexpensive implementation. Users enter their logins (name and password), and SMS including OTP codes are sent to provide additional verification at login. With this two-step authentication, you benefit from enhanced security for all connections to your applications.

Multi-factor authentication (MFA) with SMS

Multi Factors Authentication (MFA) is a multi-step (usually 3) verification method before granting access to a system, application or data. The aim of MFA is to reinforce security by ensuring that the person attempting a connection is who they claim to be.

This authentication is based on :

In practice, when connecting to an online banking application, for example :

This method is the most reliable, as it is very difficult to forge/submit 3 verification factors at once. On the other hand, MFA represents a major development effort and can be complex to activate, especially for simple connection operations where 2 separate factors are more than sufficient.

When should SMS OTP be used for authentication?

This type of SMS containing codes has gained notoriety for its use in securing online credit card payments. But SMS "One Time Password" can be used for many other purposes:

Connection to online banking or trading services (stock portfolio, crypto...)
Access to social media accounts, video and audio streaming, content management, software development platforms, e-mail accounts and cloud services
Registration and verification of new user accounts
Connection to a messaging or file storage application
Password reset
Authentication for corporate portals or teleworking platforms
Access to e-commerce, delivery and logistics platforms
Certified electronic signature
Identity verification for information, government, health or sensitive services
Access to human resources management systems
Connection to online gaming forums or networks
Validation of travel bookings and electronic tickets

GOING FURTHER

All you need to know about SMS for 2FA

Understanding dual authentication ? How to deploy an authentication process? Which technologies and methods?

The applications for these codes are virtually endless in the web and mobile world! smsmode^© recommends that all companies using personal accounts with private data for their users implement authentication via SMS. You can really increase secure connections to your application or to unsecured networks with SMS OTP by sending temporary passwords.

Similarly, when registering a new customer, you can check their phone number with a code per message and ensure thatthe information is correct.

This process not only enables you to connect for the first time, but also guarantees you a certified database, enabling you to qualify your leads.
It is also possible to certify an electronic signature, enabling you to validate contracts remotely thanks to the codes generated.

SUCCESS STORY

Oodrive secures and accelerates electronic signature processes with SMS 2FA

What are the advantages of authentication via SMS ?

A significant convenience for the end-user: the use of cell phones in the account security process means that a code can be received very quickly on a medium that's close at hand. With immediate reception, the transmission of a unique unique code by SMS secures operations while making connections more fluid.

A universal medium that works on all mobile terminals and all global networks, giving all users a feeling of security, whatever their cell phone. Everyone will be aware of the security system protecting their personal data. And you won't need to develop an additional application to activate verification.

Certified collection of your customers' cell phone numbers to enrich your contact database with quality data: thanks to OTP, when a customer registers on your website, they can enter their phone number. This number is not always valid, and your database is therefore inaccurate. When they register, a code transmitted by SMS enables them to validate their number directly on your application or website.

Seamless integration and easy administration: this service is completely free of charge, and you will only be billed for SMS .

How to implement the SMS "One Time password"?

When you use ourstrong authentication solutionat SMS, you benefit from :

A powerful, documented REST API to implement SMS OTP. An alphanumeric code is automatically generated by your application or website. The OTP code is single-use, and its expiry date is defined in advance by your team. The SMS OTP routing implemented via the API is responsible for transmitting this code as quickly as possible via a high-priority channel dedicated exclusively to this type of transmission.

The routing of SMS 2FA or OTP to France, DOM-COM or international destinations is carried out on a dedicated, priority channel that is constantly monitored by our monitoring tools. The use of our web services also guarantees maximum security and total confidentiality of your data (encryption and hashing of user data).

GOING FURTHER

Pay by Link

Diversify your payment methods, offer the payment link sent by SMS

Create your free account

Try out our SMS platform and benefit from 20 free test credits, with no obligation.

Need more info?

We look forward to hearing from you.

Appointment reminders and enhanced security at the heart of Doctolib's success

The Doctolib success story is a case study. How did the e-health platform manage to achieve the performance we all know about? Partly relying on SMS and its advantages right from the start. Let’s have a look at the 3 ways in which SMS has contributed to the success of France’s first unicorn.

80 million

PATIENTS IN EUROPE

500 million

APPOINTMENTS PER YEAR

25 million

TEXT MESSAGES SENT PER MONTH

ABOUT

Founded in 2013, French startup and unicorn Doctolib has celebrated its 10th anniversary. The medical appointment scheduling and management platform has revolutionized healthcare, with the aim of improving the daily lives of healthcare professionals and facilitating access to care.

SECTOR OF ACTIVITY

Healthcare

COMPANY SIZE

2,800 employees

CREATION DATE

2013

LOCATION

France
Germany
Italy
Netherlands

CHANNELS

- SMS

- OTP SMS

- TTS

INTEGRATION - API

USE CASES

- appointment reminder
- authentication

I particularly appreciate the relationship I have with smsmode^© and being a pampered customer.

smsmode^© keeps its product up to date and is proactive to legal disruptions or changes. We’re constantly talking to each other about monitoring and developments.
This is an important point. Because, over and above the criteria for choosing a provider, it’s important to make a long-term commitment, and that’s the case with smsmode^©.

Thomas Grobost, product manager Doctolib

Routing performance

97,5%

OF SMS ISSUED

2,4 s.

AVERAGE TIME TO RECEIVE A TEXT MESSAGE

98%

OF SMS RECEIVED IN LESS THAN 5 SECONDS

Download the Doctolib success story

You may also, for legitimate reasons, object to the processing of your personal data. If you wish to exercise these rights, please send an e-mail to dpo(at)smsmode.com.

innovation and service excellence come first

Secure the application and accessibility of information via SMS

Doctolib undeniably disrupted the healthcare sector. What could be more normal today than to make a medical appointment online, 24/7, and to receive a reminder of the appointment a few hours beforehand?
Since its inception, Doctolib made SMS one of the axes for achieving its objectives to improve access to healthcare professionals. Activated at the friction points of one-to-one interactions, it makes the service more efficient, and adds that extra something to the Doctolib workflow that sets it apart: immediacy and accessibility.

First of all, there’s an appointment reminder, which is Doctolib’s most important use. Doctolib sends up to 4 reminders per appointment, either by email or push notification. Some of these reminders can be replaced by SMS for users who do not have a Doctolib account, do not use the mobile application or do not have push notifications activated (which is the case for almost 1 in 2 appointments). These SMS messages make it easier to read the information and, ultimately, help to reduce the number of appointments booked on Doctolib but not kept by up to 60%.

The second contribution of SMS is authentication. An OTP is systematically sent by SMS each time an account is created on the platform. It concerns not only patient account creation, but also on the professional side — even if other verification processes complete this first stage.
This authentication process is well tried and tested, as it has not been modified since its inception a few years ago. It also provides KYC — Know Your Customer — for new users, which is essential for any contact platform.
Voice messaging (with TTS) is the ‘accessibility‘ link in the Doctolib service. It deals with the issues of deliverability of the messages to landlines and accessibility for the visually impaired. What is the aim? To make their product accessible to as many people as possible.

We still need SMS appointment reminders for people who don’t have the application and SMS OTP for new users...

Thomas Grobost, product manager Doctolib

data protection, security and performance, the shock trio

The figurehead of e-health

Another major challenge (and mission) facing Doctolib is to provide a high-performance and secure service that respects personal data. The SMS use must not only comply with the high standards of the healthcare sector, but also help the client to achieve them!

Data security and confidentiality are central to the Doctolib’s strategy. The importance of data protection and processing is a core of our integrity duty (and of the trust relationship we built up with our users). In addition to internal measures (encryption, HDS, audits, ISO/IEC 27001 certification, etc.), Doctolib’s partners are involved in meeting e-health requirements as subcontractors. They must offer a high level of security guarantees and certifications : data hosting exclusively on servers in Europe, RGDP Compliant, etc. And smsmode^© meets all these requirements.

For years, we’ve been working with the Doctolib team on a daily basis to ensure that we’re always ahead of the game when it comes to the legal security obligations.

Fabien Andraud, head of sales smsmode^©

The data requirement would be nothing without the monitoring of mobile message routing and performance. The Doctolib product team monitors deliverability rates, sending speeds and the availability of the routing service in real time. These KPIs are key to ensuring reliable routing and optimal management of the volumes of mobile messages sent, country by country, at all times. It’s a performance indicator that’s all the more decisive for SMS OTP because the service is based on immediacy. Close collaboration with the smsmode^©technical team meant that the API calls for routes, channels and related prioritisation could be managed internally.

make way for the future...

Supporting Doctolib’s deployment and innovations

smsmode^© has been supporting Doctolib since the very beginning. We have witnessed its hyper-growth: from a handful of SMS messages in 2013 to today 25 million SMS messages which are sent every month.

Doctolib has certainly grown with smsmode^© and smsmode^© has grown with Doctolib.

Thomas Grobost, product manager Doctolib

Beyond these figures, the SMS channel is accompanying Doctolib in its expansion, and its international expansion first and foremost. Even if the approach to healthcare is different in each country, the SMS channel plays the same key role in Germany, Italy and France, offering simplicity and convenience to patients who booked an appointment. It is also an important communication channel, to tell patients about the app’s new features...
... or to innovate and foreshadow the healthcare of tomorrow at the launch of the new markets. SMS is now available to healthcare professionals as a means of direct communication with their patients via the Doctolib interface. This new service for sending SMS and emails is available to practitioners in Germany, Italy and soon France, giving them the opportunity to send group communication to all their patients about the updates in their practice (office closures, holidays, etc.) or to send out prevention and vaccination messages to target patient groups (depending on their age, pathology, etc.).

Much more than just creating a close, privileged doctor/patient relationship, these new communication functions are the future face of the Doctolib brand: that of becoming a “health partner”.
The goal is to monitor our health throughout our lives, to become a cornerstone of prevention and... to have our health always at our fingertips (on our smartphone)!

Reverse OTP: free authentication with SMS

July 18, 2022

Data security is a concern for many customers. To satisfy this need for reliability and gain a competitive edge, many solutions implement two-factor authentication (2FA), often via a SMS OTP. But implementing 2FA is costly, and each message sent is billed. But there's a way to guarantee strong authentication without the OTP messages costing you a single penny. Find out how to set up a free SMS OTP in this article.

Continue reading " How to set up free authentication on your application "

Reduce signing times with SMS 2FA

Oodrive Sign provides electronic signature solutions that guarantee full legal validity and evidential weight. It capitalises on the strength of SMS authentication to enhance, simplify, and expedite the transition of agreement and approval processes into digital workflows. A wealth of experience and innovative use of SMS OTP...

1 500

SATISFIED SIGNATORIES

4 min.

TO NOTIFY THE SIGNATORY

ABOUT

Oodrive is the European leader in sensitive data management for businesses. More than a million people use their software suite, which includes “Oodrive Sign”, which enables the automation of business processes involving electronic signatures with legal value.

SECTOR OF ACTIVITY

Corporate Services

COMPANY SIZE

400 employees

CREATION DATE

2000

LOCATION

France Germany Spain

CHANNELS

- OTP SMS

- SMS

INTEGRATION

- API

USE CASES

- authentication
- notification

Download the Oodrive success story

You may also, for legitimate reasons, object to the processing of your personal data. If you wish to exercise these rights, please send an e-mail to dpo(at)smsmode.com.

sign electronic documents swiftly in record time

Workflow acceleration as a priority

Notification to the signatory(ies) of the contract when a document needs to be signed. Identification and consent process of the signatories. Alert message when a document is countersigned by all parties.

For Oodrive Sign, all the key moments in the dematerialised signature process are associated with a scenario triggering the sending and/or receiving of an automated SMS messages via API requests implemented in their secure SaaS environment.

We have recently introduced SMS to push the contract to the signatory in addition to email to notify them more quickly that a document is available to sign.

Alexandre Mermod, Product Manager Oodrive Sign

The objective. To make remote approvals as smooth and time-efficient as possible, and to support the diversity of uses, particularly that of mobility.
Undeniable advantages for the dematerialization and digitization of business processes.

notification of a document to be signed by SMS

notificación de un documento que debe ser firmado por SMS

Benachrichtigung über ein zu unterzeichnendes Dokument per SMS

notifica di un documento da firmare via SMS

SMS makes identity verification 100% mobile

The power of dematerialised identification with SMS

Simple signature, advanced signature, qualified signature. The degree of identity verification of the signatory and the guarantee of the document differs between these different levels of security of an electronic signature.

A One Time Password sent by SMS is generated for ONE signatory and for ONE contract. The signatory must re-enter this code on the contract. It is this precise action that is the legal basis for consent in the case of a remote signature.

Alexandre Mermod, Product Manager Oodrive Sign

SMS 2FA — two-factor authentication — is a key component of remote signature authentication and is a necessary element of proof to elevate a “simple” signature to an “advanced” one.
Commonly used in the sector and particularly well accepted by users, this unique and temporary code ensures the second authentication factor of the signatory (after the email which integrates a secure link to the document to be signed), reinforces the legal proof file and links the person to the act.

Another application of double authentication by SMS implemented by Oodrive Sign is the “dialog signature”. This solution opens the door to a 100% mobile signature. For the signatory, there is no need to enter the OTP code received in the contract displayed on his web browser (which he will probably have forgotten in the meantime); everything takes place on the SMS message service. They simply reply to the SMS received by re-entering the code... and the signature is instantly approved on the Oodrive Sign application. An innovative and fluid technology that sweeps away the friction points of a classic One Time Password!

SMS ensures evidential value

The legal aspect of digital identification

In the context of the dematerialisation of documents, the SMS 2FA is a main asset to univocally guarantee the identification of the signatory and the integrity of the signed document. This method of remote digital identification is part of a strict legal framework defined by the European eIDAS regulation.
SMS is considered by these organisations as a secure and highly reliable authentication method.

The highly secure unique digital identity on which SMS 2FA is based is associated with the SIM card and the obligation of telecom operators to verify the identity of the subscriber.

Fabien Andraud, head of sales smsmode^©

This legal and evidential value of SMS cannot be provided by other mobile messaging channels (RCS, WhatsApp or Messenger), due to the absence of a verified identity associated with the opening of an account.

The future of the electronic signature lies in the progression of qualified digital signature modes to further limit the risks of identity theft. Always associated with a One Time Password received by SMS, they include a more advanced verification of the identity document — on photo, by video, by face scan to identify a signatory — or even signing face to face remotely thanks to augmented reality! Innovations on which Oodrive plays a pioneering role...

Using SMS OTP for online payment

Introduction

What are the authentication rules for online payment?

When is SMS OTP still used?

Secure access (excluding payment)

Services not directly covered by PSD2

Online payment (in certain cases)

Why is SMS OTP still a useful tool?

The smsmode point of view©

How smsmode© can help you

Use cases covered :

COMPARATIVE 2FA or SSO? The ultimate access security comparison

Download the comparison

How to make authentication more accessible with voice OTP?

Download the use case

Universal distribution

Optimum accessibility

Proven use

Enhanced security

Download the use case

Create your free account

smsmode© is a member of the GSMA

Introduction

The GSMA and smsmode©

smsmode© combating smishing

Introduction

What is smishing?

Example of smishing

Phishing on the rise at SMS

The new rules introduced by operators

What about Sender Ids for real "sensitive" brands?

What's new for you, our customers

Sender ID changes:

URL changes :

Will these new rules be enough to stop smishing?

Conclusion

How can SMS be used to secure banking transactions?

Download the use case

A high level of safety

Verified identity trails

Maximum accessibility

Download the use case

Create your free account

The use of SMS in Fintech

Introduction

SMS to streamline banking operations

Security: the pillar of financial platforms, supported by the SMS

Two-factor authentication (2FA)

Transaction confirmation

Electronic signature

Suspicious connection alerts

Notification of an important change to the account

Balance or activity alerts

Password reset

Identity verification for customer support

SMS for customer experience in Fintech

Personalization and proximity

Proactive information

Mobile messaging as a financial education tool

SMS in the banking sector: driving behavioral change

Create your free account

2-factor authentication, the security solution

Introduction

What is two-factor authentication?

What are the authentication factors?

Use cases of the 2FA

Examples of security request messages :

Why your company needs 2FA

An asset to enhance your customers' protection

A real additional security barrier for your online business services

Two identification factors: the solution to 99.9% of your security problems

With two-factor authentication, you don't have to put the security of your business solely on the shoulders of your employees.

The 2FA in figures

Why sending OTP messages is the best way to implement 2FA

Why choose smsmode© to implement 2FA

2FA with smsmode© in 3 points

A telecom operator ARCEP

Personal data protection

A long-standing player in messaging

Get a free demo

The smsmode point of view^©

How smsmode^© can help you

COMPARATIVE
2FA or SSO?
The ultimate access security comparison

smsmode^© is a member of the GSMA

The GSMA and smsmode^©

smsmode^© combating smishing

Why choose smsmode^© to implement 2FA

2FA with smsmode^© in 3 points

Choose smsmode^© for your SMS pay-by-link

Why adopt the solution smsmode^© ?