Why Wert uses SMS OTP instead of email and password to log in
When we were outlining the concept of Wert, there were many decisions to be made. Wert was built as an embedded service right from the start, designed to be a natural extension of our partners' brands and their platforms. So, we did some research to find out what is important to the end user when buying assets through a built-in checkout.
In some cases and on some platforms, users are redirected to another website for payment processing, or they receive a notification from a service or company they do not recognize asking them to sign up in order to complete the checkout. This multi-step checkout process is cumbersome, and our findings have shown that these issues can often lead a user to not trust the service and therefore disrupt the consumer's checkout experience, resulting in loss of sales and customers for the brand in question. Moreover, switching to a card payment flow in a separate tab does not provide a smooth transition for the customer, especially in a mobile browser.
At Wert, we value our customers' data and privacy; therefore, we do not collect or store more user data than is required. For many built-in payment services, the collection of data across customer touchpoints is a key driver for their multi-stage processes. By collecting and leveraging data, businesses then have the opportunity to retarget their customers at a later date to push new and diverse products. Our SMS OTP solution aligns with the core values of Web3 and allows us to engage and purchase products in a more private way, without users having to unwillingly share valuable personal information.
Creating another set of credentials when the user is already logged in doesn't sit well with a seamless integration, but what about security and convenience? Passwords, emails and social logins are pieces of data, but what is more important is that users always forget them and they can oftentimes be stolen. It's much harder to get unauthorised access to a phone number than to an email. What's more, many email providers rely on SMS for password recovery.
Using a phone number is less risky as an authorization method than email for many reasons. It shows the genuineness of the consumer. It's something that connects a pure, virtual profile to its real-world representation (it connects the virtual profile with a real individual). The less risky the consumer data, the less AML and KYC work needs to be performed, hence the better the UX. Also, phone numbers can be used for very important metadata: area code, carrier data, etc. Having this data helps to speed up onboarding and make risk-based decisions for AML purposes.
Due to these ongoing issues with the current password systems in place in Web2, at Wert, we want to be passwordless. So, how does this work? Wert sends users an OTP every time they log in or at signup. If there is no password to lose (or compromise), then there is no way to break in and profiles are secured by default.
In this day and age, we always have our phones on us. By sending the OTP to a customer's number, there is no need to open a separate application to get access to the OTP. SMS is usually displayed on top of all the applications and can be read without switching windows.
To sum up:
Phone number authorization is better because:
- Phone numbers are a more reputable source for user logins
- They are hard to get in bulk and cannot be generated on the fly
- One-off SMS providers (or shared numbers) are documented and blacklisted
- Phone numbers carry more metadata for AML and anti-fraud purposes
- It doesn’t interfere with the existing user journey
- There is nothing to remember, so there is nothing to forget