Before processing online financial transactions, a bank will send One Time password (OTP) on the registered mobile number of the customer trying to send money to the payee. OTP sent on mobile or an email address acts as a measure to verify that person is genuine.
The following are possible scenarios for OTP received on mobile.
- OTP should be received within the specific time period,
- OTP must only be received over the registered mobile number or email address provided
- Previously sent OTP if used should not allow any transaction
- Expired OTP should not be used in any transaction
- Already used OTP can not be reapplied for any other transactions.
- There should be a facility to receive OTP again.
- The resent OTP should not match with any of the previously sent or future OTP.
- OTP should be case sensitive and should not be accepted if not used exactly as received on mobile or email.