SMS OTP Is Failing – Here’s What Comes Next, According to Vonage and AT&T

Vonage and AT&T are calling time on SMS one-time passwords, arguing the authentication method is too compromised to remain a reliable security standard. The two companies are pushing the industry toward network-based verification alternatives that don't rely on interceptable text messages.

The Details

SMS OTP fraud has reached a scale that's difficult to ignore. SIM swapping, SS7 protocol exploits, and increasingly sophisticated phishing attacks have made text-based authentication codes a weak link across banking, insurance, e-commerce, and online services.

Vonage and AT&T are pointing to a new generation of verification approaches as replacements:

• Silent network authentication (SNA): Verifies a user's identity by checking their phone number against carrier data in the background, with no user interaction required
• Number verify / SIM-based auth: Confirms whether a SIM card matches expected parameters at the moment of login
• Carrier-grade signals: Real-time data from the network layer that can flag anomalies before fraud occurs

The core argument from both companies is that SMS was never designed for security. It was designed for communication, and using it as an authentication layer has always been a workaround rather than a proper solution.

"The telco industry has a unique vantage point here. We see the network signals that fraudsters can't spoof as easily as an SMS."

The shift matters beyond just authentication: it reframes telecom infrastructure as an active security layer, not just a pipe for data.

Why This Matters for Service Providers

MSPs and telecom resellers need to pay attention here for two reasons. First, the clients you serve, especially in financial services, healthcare, and retail, are under regulatory and operational pressure to strengthen authentication. If you're not bringing solutions to that conversation, someone else will be.

Second, network-based authentication is a billable service layer, not just a feature. Carriers and platforms that expose these APIs create a new revenue opportunity for resellers who can package and deliver them to end customers. This connects directly to the broader trend of MSP revenue stacking with security and voice services, where security capabilities become a growth pillar rather than a cost center.

For resellers already in the compliance space, the STIR/SHAKEN and TCPA compliance landscape is already pushing in this direction. Authentication integrity is increasingly part of the same regulatory conversation.

Looking Ahead

Watch for carriers to begin packaging SNA and SIM-based verification as commercial API products over the next 12 to 18 months. Resellers who build familiarity with these offerings now will be positioned to lead the conversation when client demand accelerates.

For the full story, read the original article on UC Today.