惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

阮一峰的网络日志
阮一峰的网络日志
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
Jina AI
Jina AI
MyScale Blog
MyScale Blog
N
Netflix TechBlog - Medium
月光博客
月光博客
云风的 BLOG
云风的 BLOG
T
The Blog of Author Tim Ferriss
博客园_首页
GbyAI
GbyAI
The Cloudflare Blog
博客园 - 叶小钗
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
MongoDB | Blog
MongoDB | Blog
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
量子位
博客园 - Franky
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
人人都是产品经理
人人都是产品经理
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
InfoQ
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
大猫的无限游戏
大猫的无限游戏
Apple Machine Learning Research
Apple Machine Learning Research
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Stack Overflow Blog
Stack Overflow Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Last Week in AI
Last Week in AI
J
Java Code Geeks
腾讯CDC
aimingoo的专栏
aimingoo的专栏
C
Check Point Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
S
Securelist
F
Full Disclosure
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
The GitHub Blog
The GitHub Blog

PYMNTS.com

Google Accelerates Agentic AI Shift With New Enterprise Platform DeFi Security Suffers New Blow With $3 Million Volo Exploit Uninvited Users Access Anthropic’s Mythos AI Model Block and Uber Expand Partnership Across Several Global Markets OpenAI Pledges $1.5 Billion to PE Enterprise AI Project Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations Synchrony CFO Flags Momentum in Spending and Credit Banks Risk Slowing the Emerging Middle Market Firms Driving Growth Paysafe Expands Digital Wallet Availability Across 18 European Markets Bad Data Can Break Good AI in Payments 50% More Digital Shopping Days Put Parents at the Center of Retail’s Shift 65% Call Insurance Essential. Why Most Spending Isn’t So Clear-Cut Amazon Recasts Marketplace Fraud as a Broader Trust Problem Capital One’s Q1 Shifts Attention From Spending to Strategy Lawmakers Question JetBlue About Surveillance Pricing Allegations Small Businesses Stop Chasing Amazon on Delivery Speed Google Embeds AI Into Chrome for 3.5 Billion Users Adobe Plans Outcome-Based Pricing for New AI Product Suite UnitedHealth Spends $1.5 Billion on AI and Wants Double Back MiCA Forces Crypto Firms to Get Licensed or Get Out Prediction Market Kalshi Targets Crypto Perpetuals New York Sues Coinbase and Gemini Over Prediction Markets Amazon and Anthropic Deepen Ties With Investment and Hardware Pact Commercial Loans Show US Economy Defies Sluggish Forecasts The Web Is Gaslighting AI Agents and Nobody Can Tell OCC Enters the Interchange Fight and Raises the Stakes Amazon Dismisses New Evidence in California Antitrust Suit AI Finds Its Best Customer on Main Street Coinbase Opens Services Marketplace for Agentic Commerce Feds Start Processing $127 Billion in Tariff Refunds for Importers Zenskar Raises $15 Million For Agentic-Powered Revenue Automation Payments Modernization Is Insurance’s Next Big Margin Engine How Visa Is Rewiring Bank Infrastructure for the AI Era Instant Payments Grow but the Real Barrier Is Human The Old-School Card Product Banks May Need Most 43% of SMBs Would Pay to Make Purchases in Installments The Real AI Edge in Payments Comes From Better Judgment In the Age of Agentic AI, Data Control Is Power Verizon’s Dan Schulman Tells CEOs to Be Open About AI Job Cuts Walmart Eyes Stores as Warehouse Space for Same-Day Delivery QVC Was TikTok Shop Before TikTok Shop Loop Raises $95 Million to Bridge Supply Chain Data Gap Cursor Eyes $50 Billion Valuation as AI Coding Demand Surges Commercial Lending Rescues Regional Banks From Consumer Slowdown Anthropic and White House Aim to Make Peace in Friday Meeting Home Depot Buys SIMPL Automation to Support Same-Day Delivery The Riskiest Words in B2B: This Is How We’ve Always Done It France Urges Euro Stablecoins to Break Dollar Dependency Importers Prep for Monday Opening of Tariff Refund Portal Permitting Hurdles and Labor Shortages Threaten AI Data Center Timelines Token Freezes Force CFOs to Rethink Stablecoin Risk X Money Tests Whether Social Commerce Can Hold Consumer Deposits Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns Welcome to Vibe Ordering, ChatGPT Is Taking Your Order Now Nvidia Says AI Can Finally Make Quantum Computing Work QVC Files Chapter 11 to Slash Debt and Pursue Growth Uber Eats Lets Customers Return Their Retail Purchases Financial Officials Sound Alarm About Anthropic’s Banking Risk 71% of Billion-Dollar Firms Face Agent Identity Threats What If Clearing Had Its Stripe Moment? The Hidden Cost of Swiping Personal Credit Cards for Business Payments Leaders Need AI Controls They Can Explain in 24 Hours Podcast: Why the Biggest Market in the World Is Money. And Up for Grabs 44% of Healthcare Treasurers Lack Cash Flow Visibility as Payment Friction Persists OpenAI Targets Pharma Giants With Purpose-Built AI Model California Claims Amazon Punishes Sellers for Lower Prices on Other Sites CFTC Chairman Says AI Helps Agency Run More Like a Business Global Finance Chiefs Call for Mythos Information Sharing Big Bank Earnings Show Digital Activity Drives Deposits OCC Clears JPMorgan Chase After Trade Surveillance Program Upgrade Accounts Receivable Gets an AI Upgrade BNY’s AI Strategy Signals a New Era of Platform Banking Bank of England Probes AI Threats to UK Financial Stability Rising AI Adoption Is Driving Up Enterprise Costs Google Faces EU Order to Share Search Data With Rivals Delivery Robots Lead Grab’s AI Expansion Circle Chief Says China Could Issue Stablecoin in 3 to 5 Years Amex Acquires Hyper to Boost AI and Expense Management Offerings Anthropic Ready to Offer Mythos to British Banks Issuers Face a New Reality as Credit Goes Real Time How Payments Gaps Are Limiting Deposit Growth at Community Banks AI May Run Payments but Humans Still Own the Risk 90% of Millennials Feel Pressure at the Grocery Store The New Checkout Is Where the Best Offer Wins Payments Alone No Longer Cut It for Small Businesses Apple Pushes Siri Programmers to Adopt AI Coding Tools Amazon Sellers Protest Policy Changes With One-Day Ad Boycott FanDuel and DraftKings Fund $41 Million Lobbying Effort by Super PAC Live Nation Loses Antitrust Case Brought by 33 States Fed Beige Book Finds Tax Refund Relief Running Into Higher Gas Prices Anthropic’s New Design Tool Rivals Adobe and Figma Goldman Sachs Seeks SEC Approval for New Bitcoin ETF What AI-Driven Attack Chains Mean for CFOs and CISOs Healthcare’s AI Boom Moves From Bedside to Back Office Accel Prepares to Pour $5 Billion Into Global AI Breakouts Velera Launches Cloud Platform to Modernize Credit Union Tech SoFi Uses Galileo to Power Real-Time FedNow Transfers Palo Alto Founder Eyes Liberty Bank for AI Banking Experiment Surcharge Surge Hits Consumers as Fee Fatigue Sets In Walmart CFO Says Marketplace Revenue Up 20% Over 2025
Why Banks Can’t Rely on One-Time Passwords Anymore
PYMNTS · 2026-04-23 · via PYMNTS.com

Banks are confronting a difficult reality: the one-time password, once treated as a reliable safeguard, is no longer sufficient to protect accounts in an environment shaped by automation and deception.

Schalk Nolte, CEO of Entersekt, made clear that the industry has long understood the limitations. “This is not new,” he said, noting that warnings about one-time passwords (OTPs) date back more than a decade.

What has changed is not the core weakness, but the intensity of its exploitation. “The major difference that we’re seeing now simply is the scale of the attack rather than the sophistication,” Nolte said. Bots can cycle through stolen credentials and repeatedly attempt logins until they can intercept or elicit a code.

A control that may have been adequate in a lower-volume threat environment now faces continuous pressure. The same vulnerabilities persist, but they are exercised far more frequently.

Why Banks Still Depend on OTPs

Despite these limitations, one-time passwords remain embedded in many authentication flows. Nolte attributed that persistence to operational convenience.

Advertisement: Scroll to Continue

“It’s easy to deploy,” Nolte said, adding that an OTP requires little from the customer beyond a mobile number.

That simplicity aligns with long-standing priorities around user experience. Institutions do not need customers to download applications or complete enrollment steps. In many cases, the process is immediate and familiar.

Cost also plays a role. OTP systems are inexpensive relative to more advanced authentication methods. For smaller banks and credit unions, the balance between cost, usability and security often leads to continued reliance on these tools.

Yet that balance introduces trade-offs. As institutions add more authentication prompts to compensate for risk, customers encounter repeated challenges that can diminish attention and trust.

Fatigue Weakens the Signal

Nolte pointed to a growing problem with overuse. The effect is a form of fatigue. Authentication requests lose their significance when they appear too frequently. Customers begin to respond automatically rather than thoughtfully, which undermines the purpose of the control.

This environment creates openings for fraudsters who rely less on technical exploits and more on persuasion.

Social Engineering Moves to the Forefront

According to Nolte, social engineering has become a primary method for bypassing OTP-based security. “Social engineering is unfortunately … something that gets past all of these things,” he told PYMNTS.

These attacks do not require breaking encryption or intercepting messages. Instead, they rely on convincing customers to share codes directly. The method exploits trust rather than infrastructure.

Nolte described a case in which a fraudster posed as a bank employee conducting a test. The customer was told to read back a one-time password to assist with a security check. “A couple of hundred thousand dollars later … it wasn’t a test,” he said.

The example underscores a broader weakness. When authentication depends on user cooperation without clear context, it becomes vulnerable to manipulation.

Making Authentication Context-Aware

To address these gaps, Nolte argued that institutions must move beyond static challenges and introduce intelligence into the process. “Make your dumb authentication smart,” Nolte advised.

The goal is to evaluate signals surrounding each interaction, including behavior, location and device characteristics. Authentication should adapt based on risk rather than apply uniformly across all transactions.

This approach allows banks to reduce unnecessary friction while focusing attention where it matters. Instead of prompting every user for every action, systems can escalate only when anomalies appear.

Nolte emphasized that there is no single solution. Different authentication methods address different risks, and institutions must combine them in a coordinated framework.

Layering Defenses Without Disrupting Customers

Entersekt’s approach, as described by Nolte, centers on integrating intelligence into existing authentication stacks rather than replacing them outright. The aim is to preserve the familiar user experience while improving decision-making behind the scenes.

“We plug into your authentication stack and make your  authentication stack smart,” he said. That includes incorporating behavioral analytics and broader data signals to identify suspicious activity.

The analogy he offered reflects the shift. Traditional systems resemble a generic alarm that signals a problem without identifying its cause. More advanced systems specify what is happening and how to respond.

This layered model also allows for gradual adoption. Banks can begin by enhancing existing controls and then introduce additional methods, such as passkeys or biometrics, as needed.

A Shift in How Banks Think About Security

The persistence of OTPs reflects a broader tension between convenience and protection. As fraud tactics expand, that balance is becoming harder to maintain with static tools.

Nolte framed the path forward as an incremental process that prioritizes intelligence and context. “Take what you have and augment this with something that provides intelligence,” Nolte told PYMNTS.