If you’ve been using online services employing layers of security such as online banking or credit card transactions, then you might have already encountered the OTP or One-Time PIN. What is it and why is it important? We’re here to find out.
What is OTP?
The OTP is a set of numbers sent to a user, usually to his or her phone number or email, that is needed to validate access or a transaction, which minimizes the risk of fraud. As the name suggests, it’s only for single use, and it quickly expires.
As an example, the Bank of the Philippine Islands (BPI) uses OTP and sends their clients a unique 6-digit password when they make critical or highly sensitive online transactions. The OTP is sent to the client’s registered mobile number via SMS and will expire 5 minutes after it was sent.
Do note that BPI OTP is a free service and you do not need to enroll or register for OTP.
Never share it with anyone!
The rule is that the OTP is for you and you alone, meaning you’re the only one who should receive it and you should NEVER share it with anyone. Exposing it to other users defeats the purpose of the OTP.
As an analogy, it is like having two different keys to your house — one for the gate and another one for the main door. Even if burglars get hold of the key to your gate, they still need the key to your door to get into the house.
How can attackers get my OTP?
Although OTPs are proven to be effective in minimizing fraud, attackers can still exploit it by using phishing and vishing methods directed to the user.
Attackers will first try to get the user’s info like username, password, and phone number usually via phishing emails that trick the receivers into believing that the email is really from a bank or financial institution. It is followed by a phone call by someone pretending to be an employee of the bank who will then ask the user to update their account or cancel an unauthorized transaction.
Once the information is provided, the attacker will then initiate a transaction using the client’s online credentials to generate an OTP. He will call the user again to confirm and will ask for the OTP as a form of verification. This is the vishing or voice phishing part of the attack.
Thinking that the call is valid, the user provides the OTP, which the attacker then uses to complete an unauthorized transaction.
What should I do to prevent attacks like this?
The key is to make sure that no one else knows about your info such as usernames, passwords, and phone numbers, especially the OTP. Be very suspicious if someone calls you and asks for this info. Do note that BPI will NEVER ask for a client’s OTP via e-mail, phone, SMS, or social media. Again, the OTP is for you and you alone.
What if I receive an OTP even if I’m not making any online transaction?
You should immediately call BPI Phone Banking via 89-100 to report the incident. Receiving an OTP even if you are not making an online transaction may mean unauthorized access of your account.
What if my mobile phone is stolen?
If you no longer have access to the mobile number that you registered with BPI, immediately update your contact details with BPI to avoid the risk of unauthorized transactions.
Keep yourself informed.
Another way of securing your accounts is to exercise your awareness continually. Keep yourself informed about your bank’s security measures, processes, and rules, as well as about new methods that attackers use to gain access to your accounts. It’s also your responsibility to stay informed and make yourself hack-proof.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
Mano says:
Ms
ysabel libres says:
i want to be a online banking/w atm