WhatsApp recently added a new form of phone number verification and made it the new default, replacing the industry-recognized and much-loved verification SMS. It’s a simple feature that allows WhatsApp to leave a missed call on your number and then automatically check your call logs for that call as a way of verification. It’s dead simple but probably one of the best innovations that WhatsApp has released to date.
In this article, I’ll explain how this new feature is a huge upgrade on security, offers better UX, prevents scams, reduces bots, and, best of all, saves the company millions. Intrigued ?, read on…
The Innovation: Missed Call Verification
WhatApp’s new default verification method is a surprisingly simple and elegant take on user security. Simply allow WhatsApp to call you and grant the mobile app permission to manage the call so that they can automatically decline it. This makes sure the user doesn't accidentally answer the call and reduces user interaction, improving the user experience. Secondly, WhatsApp asks for permission to access your call logs to verify that the call did come in from the specified number.
This whole process has minimal user interaction, save for granting WhatsApp temporary permissions. The whole process is over in seconds without the user even realizing it.
A Step Up in Security
Now, I know what you’re thinking: how does this improve security? Let’s delve into it below:
- Cuts Down on Phishing Scams: Phishing attempts often trick users into revealing their OTPs. Less tech-savvy users are normally vulnerable to this type of attack as they’re not familiar with the importance of a one-time password. With Missed Call Verification, there’s no code to give away, significantly reducing the risk of phishing.
- Eliminates Interception Risk: Traditional SMS is not end-to-end encrypted and can be intercepted by hackers through various techniques. The missed call method has no message to intercept, which greatly reduces the risk of unauthorized account access.
- Bypass Network Delays and Issues: SMS messages can get delayed or lost due to network issues, creating opportunities for attacks during the wait. Missed calls are immediate and less prone to such network-related vulnerabilities.
- Averts Automated Bot Registrations: Bots can register multiple accounts using SMS-based OTPs, but the need for a physical phone to receive a call reduces the chance of process automation, ensuring only genuine users can verify accounts.
- Strengthens Authentication: By adding a step that requires the physical phone, WhatsApp is strengthening the “something you have” aspect of authentication, making unauthorized access much more challenging.
Dialing Down Costs: The Financial Genius Behind the Ring
In March 2023, Elon Musk made headlines for disabling SMS-based 2-factor authentication (2FA) for free Twitter / X accounts. He made a bold claim that the company was losing up to $60 million due to ATP scams, which include premium number scams and automated bots pumping SMS traffic.
Now, whether or not this figure is true, it paints a picture of the cost of SMS verification to companies. WhatsApp has 5x more users than Twitter, meaning it was probably bleeding more money due to scam SMSs. Beyond the cost of scam SMSs, there is the actual cost of SMSs themselves, which is, on average, 3 cents per SMS. For WhatsApp’s 2 Billion+ user base, this is another $60+ million dollars going towards a security protocol that is widely regarded as insecure.
Switching to missed call verification easily saves at least $100 million (SMS + scam costs) on SMS costs alone. Beyond this, it also makes for more standardized costs as WhatsApp no longer has to use variable rate SMS prices where some markets can be expensive and unreliable. Additionally, they also reduce the infrastructure costs required to queue and retry messages.
Another big win is this ultimately leads to fewer customer support queries, especially related to fraud and unreliable SMSs. With a better trust rating, WhatsApp is more likely to retain its users, especially in competition from security-focused apps like Telegram.
The Icing on Top: Improved User Experience
On top of all the security and financial benefits of this solution, WhatsApp managed to score big by keeping the experience user-centric. The new feature is simple and easy to use, needing minimal user interaction.
The new feature is also faster, cutting the need to wait 60 seconds for the unreliable SMS to come through. It also doesn't clutter your SMS inbox with unnecessary SMSs, keeping your phone clean and organized.
The Challenges Ahead
While a clear breakthrough innovation, WhatsApp will need to educate its users on the benefits of this new default system over SMS verification. I’d actually advise them to fully phase out SMS verification, as non-tech savvy users can still be tricked into opting for the OTP-based verification and sharing their OTP. Additionally, WhatsApp needs to stay ahead of the curve, monitoring for new scams and potential vulnerabilities to ensure continued security on the platform.
Conclusion: A Call to Reflect
In a world where most innovators are looking at AI, the blockchain, or the metaverse, WhatsApp chose a novel and simple solution that not only solved a user problem but was also cost-effective. WhatsApp’s missed call verification is more than a feature; it’s a call to innovate and reflect on problem-solving.
As an aspiring Product Manager, I am training myself to think beyond the hype and buzz of new technology. Solutions do not always have to use new tech, and innovation doesn’t always need to be bold and loud; sometimes, it can just be simple.
“Complexity is your enemy. Any fool can make something complicated. It is hard to make something simple”. — Richard Branson