Why are SMS OTPs costly for enterprises?

SMS one-time passwords / passcodes (OTPs) have been a popular method for multi-factor authentication (MFA), but they impose significant costs on enterprises. Here's why:

• Every SMS OTP sent incurs a fee, which can accumulate rapidly for organizations with millions of users.
• For businesses with international customer bases, cross-border SMS delivery is even more expensive due to higher carrier charges.

Large-scale consumer deployments require frequent SMS OTPs for account logins, sign-ups, and recovery, increasing the volume - and the cost.

Attackers exploit vulnerabilities like artificially inflated traffic (AIT), generating fake OTP requests to drive up SMS costs maliciously.

• SMS OTP delivery failures lead to support tickets, requiring customer service intervention to resolve issues.
• Addressing these failures adds to operational overhead and frustrates users.

Many users prefer SMS OTPs for convenience, making it difficult for organizations to transition to cheaper alternatives like authenticator apps without compromising UX.

Passkeys eliminate the need for SMS OTPs entirely by relying on secure, phishing-resistant authentication mechanisms. By reducing dependency on SMS, enterprises can save up to 90% in OTP-related expenses while enhancing user experience.