OTPs are big in India. Sent via SMS to your registered phone numbers, it is a popular way to authenticate a transaction or even login to your accounts.
But text messages and phone numbers are not a secure medium. I am on the fence whether SMS based OTP is actually a net positive for security. Probably helps with senior people not accustomed to using passwords, but it definitely lowers my security (I have a hardware token and generally try to disable SMS OTP)
Not sure where you are from but getting a SIM (mobile connection) or even getting your own SIM/number re-issued is not as simple as that is in many (western) countries.
Transfers/switches/porting always have a decent cool-off period. So while I am not saying it's as safe as it gets, I was just wondering whether you were assuming it's the same way in many other countries.
PS. Credit cards just can't work just based on credit card number, CVV, and expiry MMYYYY here either. You have got to have that SMS OTP auth and in many cases a password as well. Also, at POS (shops, restos etc) you must enter your PIN, it's not optional. (Now up to ₹2000 some cards let you just swipe/tap w/o a PIN, but it's an opt-in feature)
One issue still left: SMS are "relatively" easy to eavesdrop.
I am in the US. SIM reissuing scams are not uncommon and my own number was reassigned for half a week due to a technical glitch. During that time I had multiple conversations with customer support staff and it was ridiculous how many changes I could request without any verification or authentication.
The aim is to reduce the possibilities of getting robbed. Targeted attacks like sniffing SMSs of a user requires significantly more effort than just stealing their card.
That was the same argument that I heard against ATM skimmers ... until my city was hit by a massive wave of skimmer-related thefts about 5 years ago. My debit card got cloned too -- I woke up one fine evening to the sound of SMSes announcing withdrawals from my savings account :) The next morning, there was a crowd of almost 300 people waiting to file FIRs at the local police station. Apparently there were similar scenes in other localities as well. It looked like a fairly well-planned and well-executed operation. (Technological) effort is not a significant barrier for thievery as long as there is enough money to be made out of it.
Thats still smaller when the entire population is considered. Also lack of security will erode the trust in digital banking which is terrible for a developing country like ours
OTPs are big in India. Sent via SMS to your registered phone numbers, it is a popular way to authenticate a transaction or even login to your accounts.