As user expectations shift and SMS OTPs face growing scrutiny, telcos are at a crossroads in the mobile identity space. The time has come to move beyond legacy authentication and embrace seamless, secure alternatives. In this post, Harry Cheung, Founder & CEO of IPification explores why telcos must evolve and how solutions like IPification’s can keep them relevant in the age of digital trust.

It’s the 2020s, and telcos have their plates full, juggling shifting priorities, growing competition, and rising user expectations.

However, one area they can’t afford to overlook is digital identity.

It’s a space where telcos have historically had a natural advantage thanks to their tech infrastructure. And as secure, seamless authentication becomes a priority across industries, that advantage is more valuable than ever.

For years, SMS OTPs have been the go-to method for authentication (especially as the second factor) across banking, e-commerce, government services, and more. But now, that method is starting to show its age.

It’s not just about SMS fraud risks. It’s about changing expectations.

Enterprises are actively looking for stronger, more privacy-respecting identity partners. Users are tired of clunky logins and rising fraud. And regulators? They’re only going to raise the bar on security and compliance.”

Users want authentication that’s fast, secure, and invisible. And enterprises are looking for solutions that can deliver that: solutions that scale easily, reduce risk, and streamline onboarding.

As a result, mobile identity is becoming a strategic investment area. Not because it’s trendy, but because it’s necessary.Telcos that want to stay at the center of authentication and user trust aren’t just doubling down on infrastructure. They’re evolving it.

Mobile Identity: It’s Time to Evolve Past SMS OTPs

Let’s be clear: SMS one-time passwords (OTPs) have long been a key mobile identity tool.

In fact, they’ve been the de facto authentication solution for years. They’re widely used, generate significant revenue for MNOs, and are deeply embedded across financial services, e-commerce, and beyond.

But as user expectations evolve and security threats grow more sophisticated, SMS OTPs are nearing their retirement.

SMS OTPs come with a list of vulnerabilities.

Because they rely on the outdated SS7 protocol, they’re vulnerable to interception and rerouting, which means hackers can exploit them with the right tools and timing. Moreover, they’re increasingly targeted by SIM-swap fraud and phishing attacks, both of which have become more dangerous in the age of generative AI.

Phishing, in particular, has exploded since the launch of tools like ChatGPT. One report showed a staggering 4,151% in phishing activity linked to AI-generated content.

On top of that, there is friction in the user experience. Codes don’t always arrive instantly (and sometimes never), and when they arrive, users often have to switch between apps, retype, ultimately getting frustrated.

And don’t forget: 70% of users say they prefer an authentication method simply because it’s easier to use, and 95% of multi-factor authentication users prefer mobile apps for their convenience.

Finally, with enterprises exploring alternatives, the market pressure on telcos is growing. Many have already adopted app-based authentication, passkeys pushed by Apple, Google, and Microsoft, biometric logins, etc.

Why? Because these methods help reduce friction and improve security, all while cutting costs associated with SMS OTPs.

If telcos don’t evolve their mobile identity offering, there’s a risk that they will be replaced in the mobile identity space by these faster-moving tech solutions.

For telcos, this presents a strategic crossroads: continue relying solely on SMS OTP revenue, or evolve toward more seamless and future-proof mobile identity solutions, before someone else does. A huge advantage they have over other providers, however, is their insanely powerful tech infrastructure that they could leverage to get ahead of the curve.

Modern mobile identity solutions, like IPification, build on the strengths of telcos and their tech infrastructure to offer a silent, background authentication experience.

IPification generates a unique Mobile ID key for each user made up of their SIM card, network and device data. To verify, users only need to input their phone number and tap once.

There’s no code, no waiting, and no compromise on security or privacy. After the one tap, authentication in mere milliseconds.

For telcos, this not only makes up a new revenue opportunity in the identity-as-a-service vertical, but it also leads to higher retention through greater user trust and satisfaction, and it lets them keep their key place in the mobile identity space, especially as reliance on SMS OTPs slowly declines.

A Strategic Move: Stay Relevant in Mobile ID Management

Let me be honest with you: deploying a new mobile identity solution isn’t an overnight job. It takes cross-departmental alignment, some integration effort, and the right timing.

But here’s the thing: it doesn’t have to be complicated.

We’ve partnered with operators like CSL in Hong Kong, Smart Axiata in Cambodia, and Telin in Indonesia, just to name a few. Today, IPification is live or in deployment in 39 markets, and growing fast.

And the integration? It usually takes just a few weeks. Our GMID Box plugs directly into the existing infrastructure and unlocks instant mobile authentication capabilities: network and device-based, secure, and seamless.

What do telcos gain from this?

You offer a better experience to your app partners, authentication that happens in the background, no codes or delays. You stay in control of identity as the market shifts beyond SMS OTPs. And last but not least, you get to monetize a new identity verification channel.

For digital businesses, authentication becomes seamless. Onboarding speeds up, fraud drops, user drop-off rates decrease because users get the smooth experience they expect. It’s a win-win.

Harry Cheung

Founder and Chairman, IPification