A new system of online payment authentication through “missed Calls” has been launched by a company in India and is being suggested as a system of Two Factor Authentication which is better than the OTP system now being used.
According to NetCore the company which is proposing this service, “Spoofing of number” in an SMS system is easy but not in the missed call system.
However security experts don’t agree with the view of the company that the system is anymore secure than the OTP system. They point out that with services such as Skype calls, it is easy to send a missed call without access to the Telco network. The claim of the company therefore appears to be incorrect.
It is also to be reiterated that there is no legal support for authentication of an electronic transaction in India except with some form of digital/electronic signature. Any other method is “Ultra-Vires” the law and requires a binding from the service provider that the loss arising out of the failure of the authentication has to be borne by the concerned service provider such as the Bank. Any marketing suppressing this fact in the disclosure would amount to a fraud.