JAKARTA - One-Time Password or OTP is a random password that is usually sent by e-commerce or banking shops as an authentication code for the account owner. Sometimes the OTP will be sent via SMS or instant messaging apps like WhatsApp.

The reason is that recently, several e-commerce and banks have started diverting the sending of OTP codes from SMS to over the top (OTT) services such as WhatsApp, Line, and Telegram. This is considered to be more efficient and makes it easier for OTP code recipients to protect the account from problems, such as theft and abuse of the account.

So, will diverting sending OTP codes from SMS to OTT platforms like WhatsApp be safer? According to cyber security expert Ruby Alamsyah, sending messages through OTT services is vulnerable to being hijacked and taken over by irresponsible people.

"If the reason is that the bank does not trust a third party because of the SIM swap issue yesterday, then security reasons are not necessarily appropriate to migrate sending OTP codes from SMS to instant messaging OTT. Because the instant messaging platform is provided by third parties," Ruby said in a statement. statement received by VOI, Tuesday, August 18.

Ruby explained, instant messaging services are equipped with end-to-end encryption features, so that no one can read the message except the sender and receiver. However, it should be noted that the instant messaging application can still be taken over by hackers.

This is because SMS messaging services are provided directly by telecommunications operators, in other words, criminals must carry out SIM Swap from the number registered by the account owner. Meanwhile, the OTT platform of instant messaging services does not involve operator intervention and in theory, the OTP code will go directly to the user's hands.

"Mastering the OTT instant messaging application is much easier than mastering SMS," he added.

Ruby argues that the reasons for switching OTP codes to instant messages are efficiency and price, it is relative. However, what must be remembered is that the Indonesian bank regulations clearly state that when sending OTPs or making transactions via electronic channels, banks must be able to ensure that all networks used are safe.

He hopes that banking and e-commerce parties can prioritize customer safety factors above other factors. So don't let the community be harmed. And also don't let the banks blame the public if there is a breach of customer accounts due to OTPs that are sent via instant message OTT.

"Don't let banking and e-commerce blame customers for not securing the OTT instant messaging application," Ruby concluded.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)