The telecoms industry has long relied on SMS for end-user two-factor authentication (2FA), but today a new method, flash calls, is offering a potentially game-changing alternative. What are flash calls and what could they potentially mean for the industry?
2FA via SMS is widespread, convenient, and very important. It helps prevent data breaches, password theft and identity theft. Furthermore, 2FA works: in 2021, Google auto-enrolled 150 million users into 2FA to access their accounts. The move realized a 50% decline in compromised accounts.
The traditional type of 2FA has involved an application or website using SMS to send a one-time password (OTP) to a user’s smartphone which the user then enters into the application to log in. This method now faces new competition from flash calls.
Flash calls are extremely short calls made to an end-user’s phone. The call is immediately dropped and appears to the phone end-user as a missed call. The application that requires authentication uses digits from the calling number (CLI) as the authentication code for the application, and the application, thanks to APIs, automatically receives the digits.
Spot the difference? That’s right, flash calls need no manual input from the end-user. The end-user doesn’t have to do anything and is notified almost immediately that their verification process has been successful.
It comes down to cost. The telecoms industry currently services over 2 trillion application-to-person (A2P) SMS messages a year, with around 80% of them being used for 2FA. But they cost money. Customers of A2P SMS services have been on the lookout for ways to reduce costs wherever possible: flash calls could give them a big one.
Research by Juniper forecasts that the number of calls used for flash authentication will reach around 130 billion worldwide by 2026, up from less than 60 million in 2021. This represents an astonishing growth of over 185,000% over the next five years. WhatsApp announced in August this year that it has started rolling out flash call authentication to users. It looks like an idea whose time has come.
From the perspective of a brand that needs to communicate authentication messages to its customers for 2FA purposes, flash calls cost less than SMS. According to some providers, the cost reduction of using flash calls over SMS can be as much as 60%. And from an end-user point of view, it offers an enhanced user experience (UX). It’s faster and more convenient as end-users literally don’t need to do anything. As such it can be a potential boon for end-users with limited digital skills, such as elderly people.
On the minus side, flash calls only work on Android smartphones, since Apple iOS security doesn’t let applications access information on received calls. The biggest drawback to flash calls come from the telecom operators’ perspective. Flash calls cannibalize operator A2P SMS revenues without bringing any compensation through additional voice revenues, since the calls are not actually answered by the recipient.
And, despite not generating revenues, flash calls do use up network resources and incur some costs. Plus, in addition to these additional operational expenses for telcos, if flash calls grow at the rates predicted by analysts, networks may not be able to adequately absorb this increase in traffic, which could affect Network Effectiveness Ratio (NER). This could require telcos to invest in networks to keep up quality of service (QoS) for all these new calls, while not receiving any revenues from them.
Some people’s initial reaction might be that telecom operators should simply block flash calls on their networks. This is not as straightforward as it initially sounds, since in most countries, flash calls are not considered fraud or illegal. One exception is Japan, which has a law that prohibits the use of machines to dial phones and then hang up before the call is connected.
But one potential way ahead could be for telcos to impose a low charge for flash calls. If proposed prices were pitched slightly below those of SMS, that could be an acceptable solution for both telcos and brands that need more affordable 2FA services. It could be a viable compromise: as enterprises migrate authentication traffic to voice, operators need to protect their SMS revenues and, ideally, attain flash calling revenues. By pivoting to support both SMS and flash calling, telcos have the opportunity to continue driving revenues from authentication.
