What is the code that is sent to my phone for?
One of the priorities when we carry out transactions through electronic channels is to guarantee security. To this end, institutions tend to send us by SMS a one-time password, consisting of a numeric or alphanumeric combination to authenticate a given transaction. In other words, it is a mechanism to access a network or a service using a single password that can be used only once. The main advantage of this system over static or permanent passwords is its security, since it cannot be reused. Also, each one-time password tends to expire after 60 seconds, giving the user sufficient time to enter the password.
This authentication mechanism is in line with recent regulatory changes, in particular with strong customer authentication which requires the payment service to use at least two different data, called authentication factors, which may be:
- Knowledge: something the customer knows, such as a password or PIN.
- Possession: something the customer possesses, such as a debit card or a mobile phone.
- Inherence: something inherent to the customer, such as his/her fingerprint or facial recognition.