Kill The OTP: Netcore Launches Payment Authentication With Missed Call

2factorauthentication Rajesh Jain’s Netcore Solutions has launched 2FA, a payment authentication service which allows banks and e-commerce companies to authenticate payments and logins using missed calls. At present, the payment ecosystem is plagued by unreliable bank payment gateways (I had 4 credit card transaction attempts fail on Sunday), and a tedious “one time password” (OTP) method for enabling mobile payments. Netcore allows users to be authenticated by giving a missed call from a registered mobile number, instead of having to remember a password, or the need to type in a one time password.

Speaking with MediaNama, Veerchand Bothra, Chief Strategy Officer at Netcore, said that the logic behind the solution is that in the offline world, when you’re withdrawing cash from an ATM, you have two factors – “You have a card, and the other is that you are present, which is indicated by your password or PIN. On the Internet, which the RBI has been trying to take care of, how do you deal with this? The banks attempted to deploy the second factor through 3D Secure and OTP. What we’re doing is that the second factor is your missed call, which indicates that your phone is present. It’s a proxy for the person being present. We’re targeting the BFSI sector first, with this, because that’s the low hanging fruit.”

What About Number Spoofing?

Number spoofing allows a machine to typically add a number to a message and send it, and if a number can be spoofed for sending a missed call, then the authentication system doesn’t work. Bothra said that while number spoofing is easily possible in SMS, “if you don’t have access to telecom operator infrastructure, you can’t spoof numbers the way you could do in an SMS. It’s very very difficult to spoof numbers (for calls).”

Kill The OTP

In the past, Zipdial has launched missed calls as a means of authentication of users for e-commerce ventures – see this. However, the real opportunity is in transaction verification, because the payment process, at present is much too tedious, especially on the mobile. We’ve written in the past about a need for a level playing field in payments, because companies who route their billing through an international payment gateway have undue benefit (of ease of use), in comparison with Indian payment gateways that have to route transactions through gateways set up by Indian banks, or choose an OTP method of payments which is far too tedious.

Also read our previous posts on this issue:
– How India’s Banks Killed The Future Of Commerce – Hrush Bhatt, Cleartrip
– Probir Roy: OTP Hit Paymate’s Domino’s Account; No KYC For Small Payments
– Note To RBI: Need A Level Playing Field In Online Billing In India

5 Comments

Prashant Tandon March 11, 2013

useless business idea.
Use VOIP and change CLID.

This should not be implemented in banks at least as this would definitely increase cyber crime cases.

Srimoy Behera March 9, 2013

Gopi when you loss your ph you need to block it first. Any ways using missed call authentication would also save a lot of operational cost of sending SMS.

Abhishek Shah March 8, 2013

doesnt make sense - if am alrdy on call to make a payment over IVR - how do i make another call from same number to give this missed call?

Anonymous March 8, 2013

how wld u check ur sms then

Gopi March 9, 2013

checking SMS while on call is rather easier than making a 2nd call.

still, OTP is more safer. the inbox locking facility on smart phones will save my life in case of phone theft/lost. but giving missed call can be done by anybody who has found/stolen my mobile.

Related Posts