惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
宝玉的分享
宝玉的分享
I
InfoQ
P
Privacy International News Feed
V
V2EX
IT之家
IT之家
S
SegmentFault 最新的问题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
The Register - Security
The Register - Security
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
C
Cyber Attacks, Cyber Crime and Cyber Security
F
Fortinet All Blogs
B
Blog
N
Netflix TechBlog - Medium
B
Blog RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
T
Threatpost
Forbes - Security
Forbes - Security
U
Unit 42
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recorded Future
Recorded Future
L
Lohrmann on Cybersecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
月光博客
月光博客
Spread Privacy
Spread Privacy
MongoDB | Blog
MongoDB | Blog
Jina AI
Jina AI
I
Intezer
V
Visual Studio Blog
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
MyScale Blog
MyScale Blog
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
量子位

PYMNTS.com

Crypto Payments Are Back. Will Merchants Actually Care This Time? B2B’s New Battlefield Is Everything Before the Button Amazon Targets the GLP-1 Gap Big Pharma Left Open LendingClub Signals Expanded Capabilities With Happen Bank Rebrand Congress Moves to Give FinTechs Direct Fed Payment Access Microsoft Tests Mythos to Identify and Mitigate Vulnerabilities United Airlines Hikes Fares as Fuel Costs Surge OpenAI Images 2.0 Is a Real Leap With a Real Price Tag Morgan Stanley Says Gaming Could Score $22 Billion With AI FTC Shuts Down Alleged Healthcare Fraud Scheme Sam’s Club Offers eCommerce Shoppers Hour-or-Less Deliveries FinTechs Cut Staff as AI and Margins Redefine Growth JPMorganChase Extends Critical Industries Investment Program to Continental Europe OpenAI Lands $75 Million Investment From Robinhood Ventures House Bill Would Reduce Small Lenders’ Reporting Requirements Coinbase Lists tGBP to Expand Locally-Denominated Stablecoin Access BNY Names New Head for Payments/Trade Client Platform KnowBe4 Automates Global Cash Flow Via Flywire Partnership Treasury Calls for Programmable Financial Enforcement Across Crypto DeepSeek Seeks $20 Billion Valuation as Tech Giants Weigh Investment Google Accelerates Agentic AI Shift With New Enterprise Platform OpenAI Begins Briefing Governments on Cybersecurity Capabilities DeFi Security Suffers New Blow With $3 Million Volo Exploit Uninvited Users Access Anthropic’s Mythos AI Model Block and Uber Expand Partnership Across Several Global Markets OpenAI Pledges $1.5 Billion to PE Enterprise AI Project Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations Synchrony CFO Flags Momentum in Spending and Credit Banks Risk Slowing the Emerging Middle Market Firms Driving Growth Paysafe Expands Digital Wallet Availability Across 18 European Markets Bad Data Can Break Good AI in Payments 50% More Digital Shopping Days Put Parents at the Center of Retail’s Shift 65% Call Insurance Essential. Why Most Spending Isn’t So Clear-Cut Amazon Recasts Marketplace Fraud as a Broader Trust Problem Capital One’s Q1 Shifts Attention From Spending to Strategy Lawmakers Question JetBlue About Surveillance Pricing Allegations Payments Modernization Is Insurance’s Next Big Margin Engine How Visa Is Rewiring Bank Infrastructure for the AI Era Instant Payments Grow but the Real Barrier Is Human The Old-School Card Product Banks May Need Most 43% of SMBs Would Pay to Make Purchases in Installments The Real AI Edge in Payments Comes From Better Judgment In the Age of Agentic AI, Data Control Is Power Verizon’s Dan Schulman Tells CEOs to Be Open About AI Job Cuts Walmart Eyes Stores as Warehouse Space for Same-Day Delivery France’s CB Payments Network Aims to Take on Visa/Mastercard in EU QVC Was TikTok Shop Before TikTok Shop Loop Raises $95 Million to Bridge Supply Chain Data Gap Cursor Eyes $50 Billion Valuation as AI Coding Demand Surges Commercial Lending Rescues Regional Banks From Consumer Slowdown Anthropic and White House Aim to Make Peace in Friday Meeting Home Depot Buys SIMPL Automation to Support Same-Day Delivery The Riskiest Words in B2B: This Is How We’ve Always Done It France Urges Euro Stablecoins to Break Dollar Dependency Importers Prep for Monday Opening of Tariff Refund Portal Permitting Hurdles and Labor Shortages Threaten AI Data Center Timelines Token Freezes Force CFOs to Rethink Stablecoin Risk X Money Tests Whether Social Commerce Can Hold Consumer Deposits Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns Welcome to Vibe Ordering, ChatGPT Is Taking Your Order Now Nvidia Says AI Can Finally Make Quantum Computing Work QVC Files Chapter 11 to Slash Debt and Pursue Growth Uber Eats Lets Customers Return Their Retail Purchases Financial Officials Sound Alarm About Anthropic’s Banking Risk 71% of Billion-Dollar Firms Face Agent Identity Threats What If Clearing Had Its Stripe Moment? OpenAI Targets Pharma Giants With Purpose-Built AI Model California Claims Amazon Punishes Sellers for Lower Prices on Other Sites CFTC Chairman Says AI Helps Agency Run More Like a Business Global Finance Chiefs Call for Mythos Information Sharing Big Bank Earnings Show Digital Activity Drives Deposits OCC Clears JPMorgan Chase After Trade Surveillance Program Upgrade Accounts Receivable Gets an AI Upgrade BNY’s AI Strategy Signals a New Era of Platform Banking Bank of England Probes AI Threats to UK Financial Stability Rising AI Adoption Is Driving Up Enterprise Costs Google Faces EU Order to Share Search Data With Rivals Delivery Robots Lead Grab’s AI Expansion Circle Chief Says China Could Issue Stablecoin in 3 to 5 Years Amex Acquires Hyper to Boost AI and Expense Management Offerings Anthropic Ready to Offer Mythos to British Banks Issuers Face a New Reality as Credit Goes Real Time How Payments Gaps Are Limiting Deposit Growth at Community Banks AI May Run Payments but Humans Still Own the Risk 90% of Millennials Feel Pressure at the Grocery Store The New Checkout Is Where the Best Offer Wins Insurance Sector’s Private Credit Ties Has Investors Concerned Oil Price Spike Erodes Small Business Confidence, NFIB Says Synctera Looks to Beef Up Compliance With Cable Acquisition Velera Launches Cloud Platform to Modernize Credit Union Tech Kraken Lands $200 Million Investment From Deutsche Börse Walmart CFO Says Marketplace Revenue Up 20% Over 2025 The US Operationalized Stablecoins This Week, But Who’s Using Them? AI Is the New Sales Associate in Physical Retail Fed Finds Stablecoins Idle, Confirms PYMNTS Usage Gap BMO Accelerates Quantum Push With New Tech Institute Bank of France Pushes EU to Rein in Non-Euro-Backed Stablecoins Perplexity Uses Plaid to Personalize Financial Insights Blackstone Accelerates Push to Lead AI Infrastructure Boom Feds Warn Major Banks of Anthropic Mythos Cyber Threat
Why Banks Can’t Rely on One-Time Passwords Anymore
PYMNTS · 2026-04-23 · via PYMNTS.com

Banks are confronting a difficult reality: the one-time password, once treated as a reliable safeguard, is no longer sufficient to protect accounts in an environment shaped by automation and deception.

Schalk Nolte, CEO of Entersekt, made clear that the industry has long understood the limitations. “This is not new,” he said, noting that warnings about one-time passwords (OTPs) date back more than a decade.

What has changed is not the core weakness, but the intensity of its exploitation. “The major difference that we’re seeing now simply is the scale of the attack rather than the sophistication,” Nolte said. Bots can cycle through stolen credentials and repeatedly attempt logins until they can intercept or elicit a code.

A control that may have been adequate in a lower-volume threat environment now faces continuous pressure. The same vulnerabilities persist, but they are exercised far more frequently.

Why Banks Still Depend on OTPs

Despite these limitations, one-time passwords remain embedded in many authentication flows. Nolte attributed that persistence to operational convenience.

Advertisement: Scroll to Continue

“It’s easy to deploy,” Nolte said, adding that an OTP requires little from the customer beyond a mobile number.

That simplicity aligns with long-standing priorities around user experience. Institutions do not need customers to download applications or complete enrollment steps. In many cases, the process is immediate and familiar.

Cost also plays a role. OTP systems are inexpensive relative to more advanced authentication methods. For smaller banks and credit unions, the balance between cost, usability and security often leads to continued reliance on these tools.

Yet that balance introduces trade-offs. As institutions add more authentication prompts to compensate for risk, customers encounter repeated challenges that can diminish attention and trust.

Fatigue Weakens the Signal

Nolte pointed to a growing problem with overuse. The effect is a form of fatigue. Authentication requests lose their significance when they appear too frequently. Customers begin to respond automatically rather than thoughtfully, which undermines the purpose of the control.

This environment creates openings for fraudsters who rely less on technical exploits and more on persuasion.

Social Engineering Moves to the Forefront

According to Nolte, social engineering has become a primary method for bypassing OTP-based security. “Social engineering is unfortunately … something that gets past all of these things,” he told PYMNTS.

These attacks do not require breaking encryption or intercepting messages. Instead, they rely on convincing customers to share codes directly. The method exploits trust rather than infrastructure.

Nolte described a case in which a fraudster posed as a bank employee conducting a test. The customer was told to read back a one-time password to assist with a security check. “A couple of hundred thousand dollars later … it wasn’t a test,” he said.

The example underscores a broader weakness. When authentication depends on user cooperation without clear context, it becomes vulnerable to manipulation.

Making Authentication Context-Aware

To address these gaps, Nolte argued that institutions must move beyond static challenges and introduce intelligence into the process. “Make your dumb authentication smart,” Nolte advised.

The goal is to evaluate signals surrounding each interaction, including behavior, location and device characteristics. Authentication should adapt based on risk rather than apply uniformly across all transactions.

This approach allows banks to reduce unnecessary friction while focusing attention where it matters. Instead of prompting every user for every action, systems can escalate only when anomalies appear.

Nolte emphasized that there is no single solution. Different authentication methods address different risks, and institutions must combine them in a coordinated framework.

Layering Defenses Without Disrupting Customers

Entersekt’s approach, as described by Nolte, centers on integrating intelligence into existing authentication stacks rather than replacing them outright. The aim is to preserve the familiar user experience while improving decision-making behind the scenes.

“We plug into your authentication stack and make your  authentication stack smart,” he said. That includes incorporating behavioral analytics and broader data signals to identify suspicious activity.

The analogy he offered reflects the shift. Traditional systems resemble a generic alarm that signals a problem without identifying its cause. More advanced systems specify what is happening and how to respond.

This layered model also allows for gradual adoption. Banks can begin by enhancing existing controls and then introduce additional methods, such as passkeys or biometrics, as needed.

A Shift in How Banks Think About Security

The persistence of OTPs reflects a broader tension between convenience and protection. As fraud tactics expand, that balance is becoming harder to maintain with static tools.

Nolte framed the path forward as an incremental process that prioritizes intelligence and context. “Take what you have and augment this with something that provides intelligence,” Nolte told PYMNTS.