I have these questions on CA Mobile OTP:
1. When user inputs the Mobile OTP, when it travels to CA AA server is it encrypted?
2. Do we store CA Mobile OTP in database in clear text?

Release: All
Component: Strong Authentication

1. The Mobile OTP key(card string) is encrypted with the activation code when sent to the client device. However, we recommend to use HTTPS for all communications for added security.
2. Mobile OTP key is encrypted and stored in the database table ARWFARCOTOTP.