Axis Bank on Wednesday said it has been able to cut internet banking fraud significantly using its mobile banking app after replacing SMS-based one-time passwords (OTPs) with a more secure in-app OTP authentication.

It has introduced a suite of security measures, including in-app OTPs, facial authentication and customer-controlled transaction safeguards, while embedding AI-driven risk monitoring systems to detect suspicious activity in real time.

“SMS OTP is probably the easiest to compromise because fraudsters can obtain it through social engineering or malware-enabled message forwarding,” said Sameer Shetty, group head – digital business, transformation and strategic programs, Axis Bank. To address this vulnerability, the bank has introduced in-app OTPs, where transaction authentication codes are delivered directly through its mobile banking application.

The bank has also introduced facial authentication as a biometric verification layer and plans to offer multiple authentication options to offer greater security.

“The entire migration that we did from OTP over SMS to mobile OTP for customers who are active on our mobile banking app has led to a 70 per cent reduction in the incidence of internet banking fraud for us,” said Gaurav Gupta, group head – financial crime intelligence, Axis Bank.

The lender has also rolled out customer-controlled security features, including the ability to block unauthorised digital closure of fixed deposits and restrict transactions during specified hours to mitigate fraud risks.