Combating OTP Fraud With Localized Indic Communication



Digital Banking & Language

While banks use Indian languages offline, helping make banking services accessible to the common Indian, they stick to English online, a language that only 10% of India speaks, and under 50% of Indian internet users use online. Since the services they provide are invaluable to the Indian consumer, they often have to put in time and effort into learning how to work around the language barrier (by memorizing which menu option to select, etc).

In fact, these workarounds are so established that there are numerous videos – in Indian languages – teaching Indians how to carry out basic actions on so and so payments app, in their own language. These videos often have lakhs and lakhs of views, indicative of both just how necessary these videos are to their viewers, and how many Indians who use these apps actually need these videos to use them.

By ignoring Indian languages, banks have fundamentally limited the scope of usage most Indian internet users can expect from these websites and apps. English has yet again acted as a barrier to their wider adoption, hurting the chances of these apps truly taking off among the average Indian.

After all, trust is central to banking, and to build trust, you need to have clear communication. Communication is a language users don’t understand just doesn’t cut it. According to a Google-KPMG study, 68% of Indian language internet users find content in their own language more trustworthy than content in English. It logically follows that this applies to payments and banking more so than other domains.

That’s not all. Ignoring Indian languages has its own repercussions – it’s opened the door wide open to security risks.

The Continuing Menace Of OTP Fraud

OTP fraud is one such example, an extremely common fraud that has resulted in the theft of lakhs and lakhs of rupees across the country, with lakhs of Indians duped.

Banks have been trying to fight OTP fraud. How do they go about their user education?

OTP fraud has plagued banks, although seemingly easy for customers to avoid falling prey to. Despite receiving multiple communications warning against sharing private details, including OTP numbers, bank customers have continued to fall prey to this menace. Every OTP SMS or mail invariably carries a message instructing the recipient not to share the OTP.

However, one critical oversight has proved to undermine these efforts – the various warnings that customers receive are all in English.

If the user does not understand English, they will not be able to grasp just how risky sharing personal details can be. Which is why a fraudster can ask a customer for their OTP by giving them a long winded explanation involving bank verification, and likely expect the details in response. They can claim to be a bank official, a government officer, a doctor, or even an executive from an e-commerce company.

The textbook example of such a case would involve a fraudster calling a customer up under a false identity, telling them that an SMS has been sent to their phone, and asking them to share the number in the SMS over the phone. The customer is then given some sort of explanation as to why this number is needed – usually revolving around an urgent requirement. This convinces the customer, who doesn’t know that the person they are speaking to does not actually represent this company. They share the OTP they have received. Once this number has been shared, the fraudster uses it to clear a transaction that has been initiated using the victim’s payment details.

Why OTP Fraud Succeeds

This fraud is common because users are not adequately instructed on how to use and guard an OTP number.

Genuine user education is the missing link here, user education that actually communicates the seriousness of this fraud to users. And this cannot be accomplished in English.

Clearly, there is a significant communication gap that is preventing this customer education from actually speaking to its intended recipients, leaving them easy prey to fraudsters. Indian languages can change this, by making customer education actually work. When people understand exactly why they shouldn’t share their OTP, they will be a whole lot less ready to.

How do you make sure security alerts aren’t lost? The answer is localization.

Localizing OTP Messaging

Localizing OTP messaging involves translation, as well as real time transliteration. First, the English copy of the messaging is translated into all required languages, with placeholders – typically vender name, amount, bank branch – kept aside for dynamic content.

(Reverie’s localization services are available as an on premise option, ensuring that sensitive data never leaves the servers of the bank generating the OTP.)

Next, when an OTP message is sent out, these fields are populated with their English entries. These entries are transliterated into their Indic script equivalents in real by a transliteration API, and then added to the placeholder blanks. The customer then receives the message entirely in their own language, with all the relevant data filled in.

Most importantly, the instruction to keep the OTP private is clearly presented in the user’s language of choice, telling the user the consequences of sharing their OTP.

By making these communications available in Indian languages, banks and digital payments companies can start actually educating their users and warning them about OTP fraud and its consequences in a language they actually do understand. This will help combat the menace of frauds. Localised, personalized communication is a critical step in enabling this – such messaging will speak to users better.