6 Reasons Why Companies Should Use WhatsApp for 2FA
Two-factor authentication protects customers from security threats – but relying on SMS exclusively to deliver 2FA can create its own issues. Here’s how WhatsApp can step in and help.
From user verification and password resets to transaction authentication, two-factor authentication (2FA) offers basic but useful protection for consumers. The 2FA process typically sees an SMS sent to the customer with a one-time password (OTP). This is entered alongside an existing username and password, confirming the user is who they say they are.
But there’s a problem: While 9 in 10 consumers say that using 2FA makes them feel like their online information is more secure, only 28% of consumers actually use it when available. The reason for such a self-defeating disconnect? Predominantly because the 2FA process creates friction for the consumer, in turn increasing churn and lower conversions rates for business. Also, while SMS offers great convenience and global reach for business, relying solely on texting to deliver OTPs is costly and can create security risks including ‘smishing‘, exploits, delivery failures, and more besides.
Now enter WhatsApp, which is able to sidestep these issues and act as a great alternative or complementary OTP delivery channel to SMS. Here’s why:
Reason 1: Encryption comes as standard
The world’s number one messaging platform offers end-to-end encryption. Unlike SMS, messages sent over WhatsApp are encrypted at every step of the process. From the customer’s device and the WhatsApp Business Service Provider (who manage message deliveries) to the business itself, all in-transit and sent/received messaging is locked down to prevent unauthorized access.
Also, customers know any messages received via WhatsApp are the ‘real deal’ thanks to a security message displayed at the top of every 2FA-triggered chat. Because this message is generated by WhatsApp itself, scammers are never given the opportunity to ‘fake’ it.
Reason 2: More consistent deliveries
Delivering OTPs via SMS relies on the consumer having access to a cellular signal. That’s not great for those who may be in an area with patchy coverage or for folk on overseas trips who don’t have international roaming. However, WhatsApp messages can be received by both cellular (with a suitable data package in place) and crucially, wi-fi.
By deploying WhatsApp, businesses can also avoid the complexity and fragmentation of SMS services and features when dealing with multiple mobile carriers at once. Nor will enterprise need to contend with differing territory regulations, and most importantly, pay the charges typically associated with using SMS at scale.
Companies are already benefiting from WhatsApp-powered connectivity. For instance, the Indonesian commerce company, Tokopedia, deployed WhatsApp as one of its one-time password (OTP) validation channels, and achieved a 58% higher delivery rate than SMS.
Reason 3: Proven to boost trust
SMS has a credibility issue: Just how should a consumer know if the SMS they’ve received is really from a company, not a scammer? While ‘senderID’ can be deployed by a business to show a text is authentic, enterprise is beholden to mobile operators who may or may not support the functionality. Cue logistical in-company headaches and seriously wary consumers.
WhatsApp does not suffer from this problem. Every business that operates over the social channel needs either a Business Account (which shows that the company has been verified by WhatsApp) or an Official Business Account (again verified by WhatsApp but it has gone through an extra level of scrutiny to receive the WhatsApp green checkmark badge).
Attaining the green badge is especially important for companies working in sensitive sectors such as banking as it gives customers extra peace of mind. However, either option offers a level of credibility simply not achievable with SMS.
Reason 4: Failsafe fallback
Let’s not write off SMS entirely though. While WhatsApp is the world’s most popular messaging platform with two billion users, there are still countries where penetration is low so SMS may still be required. Also, there are inevitably users who may no longer use the platform or do not receive or read a WhatsApp message for whatever reason.
It’s why SMS can be deployed as a fallback if a consumer doesn’t use the social platform or if a WhatsApp verification message isn’t picked up after a certain amount of time. The OTP can be automatically dispatched via SMS instead, ensuring that whatever the hold-up, the all-important password will still be received.
Reason 5: Bigger than just OTP
Offering enhanced security for consumers is only part of a much bigger WhatsApp-powered CX picture. For example, Banco Azteca in Mexico stopped using SMS to deliver OTPs to customers opening a new account, and replaced it with WhatsApp. This switch boosted new account rates by 30% a month.
Such a dramatic increase saw the bank adopting WhatsApp-driven services across its entire range of offerings from money transfers, balance checks and airtime purchases through to initiating loans; the latter has led to a 10% increase in loan application conversion rates plus an overall boost in customer satisfaction rates to 93%.
Reason 6: It’s easy to get started
The process of adopting WhatsApp can be simplified by teaming up with an official WhatsApp Business Service Provider. These manage the entire onboarding process from WhatsApp Business Profile creation to generating customizable message templates for OTPs.
As well as taking the company through WhatsApp business account creation, an official provider such as tyntec can scale the service to meet specific needs. From bot deployment and vital analytics functionality to APIs that connect WhatsApp with existing commerce and security systems, tyntec ensures that initial investment in the messaging platform will deliver a meaningful ROI as well as optimized customer experiences.