For years, SMS and email-based OTPs (one-time passwords) have been the go-to method for digital authentication. Ubiquitous across banking, e-commerce, and enterprise workflows, they’ve powered one of the biggest use cases in the CPaaS industry.
But that era may soon be ending.
Regulators are stepping in:
Malaysia was one of the first to ban SMS OTPs for banking apps. Singapore followed with a push toward digital tokens and app-based verification. And now, in June 2025, the Central Bank of the UAE has ordered all financial institutions to stop using SMS and email OTPs as of next year, mandating stronger real-time fraud prevention and secure authentication alternatives. 👉 Source
The motivation? Security. OTPs sent over SMS or email are increasingly vulnerable to phishing, SIM swap fraud, and man-in-the-middle attacks. The technology is showing its age—and regulators are no longer willing to look the other way.
What’s at Risk
The OTP use case drives a significant share of CPaaS revenue—part of a sector now worth tens of billions annually and still growing. But that foundational stream is under pressure. As regulatory mandates expand and enterprises shift toward more secure login methods, OTP traffic could decline sharply in some regions over the next 12–18 months.
Silent authentication, biometric login, and network APIs (like SIM Swap and Device Location) are already stepping in. Identity is moving upstream—toward platforms that are faster, more secure, and less dependent on legacy telecom rails.
Join the Conversation at CASA25
We’ll unpack this shift at CASA25 in Amsterdam this September:
What’s replacing SMS OTPs? What role can telcos and CPaaS providers play in the new authentication stack? And how can we turn this disruption into opportunity?
Join us to shape what comes next.
My lifetime in IT and telecoms has been dedicated to innovation, building bridges and creating change. From the early days of cloud communications to working with operators on innovations and business development, and currently emphasizing APIs, CPaaS/CX and AI, my journey has been one of continuous evolution.
As founding partner at CPaaS Acceleration Alliance and The Next Cloud I'm privileged to help global telcos and techcos thrive in a fast changing world - through events, community building, strategy and global business development. I thrive on challenges and change, strategizing in cloud communications, and bringing people together for mutual success. Travel and continuous learning are my passions.
I believe the global communications industry is pivoting to prioritize customer experience and impactful solutions over mere technology and platforms, and we can tackle societal challenges by merging the strengths of corporates and innovators within new ecosystems.
Comments are closed