Every quarter, Prove gathers industry executives in identity, fraud, and risk to discuss hot topics, key trends in the industry. This is a summary of what we discussed in Q1:
By establishing a connection between the user attempting to onboard and their phone, Prove protected its clients and consumers from tax and identity fraud.
Bad actors used social engineering and online SMS services to perform an OTP authentication and attempt to file taxes using stolen PII before legitimate taxpayers could file.
Prove also identified fraudulent transactions where bad actors recently claimed ownership of the phone number (e.g., less than 90 days before the attack).
For further protection, and to avoid the potential fraudulent transactions altogether, clients can replace traditional SMS OTP workflows with next generation authentication services that protect against social engineering, such as Prove’s Mobile Auth possession check that is performed as part of Prove Identity™ solution.
What is Prove’s next security enhancement? We are developing a signal to tag phone numbers associated with online SMS services as being higher risk.
Fraud experts were alive with chatter about a potential SS7 vulnerability that could lead to SIM Cloning attacks. Our telephony experts dug in to clear up any confusion.
SIM cloning happens when someone creates a duplicate SIM card from an existing one. When deployed correctly, the SS7 protocol (international standard architecture for telephony signals) protects against SIM Cloning.
During our investigation, Prove identified that “usage forking” is commonly confused with SIM Cloning. Usage forking occurs when a bad actor accesses a phone number via an online portal or paid ‘fraud-as-a-service’ and uses the phone number without the actual owner knowing.
Prove continues to observe that high-risk transactions secured only by an OTP (SMS or Voice) are vulnerable to attacks. In some cases, bad actors used the same phone number combined with many different sets of stolen PII to try and create accounts. Without using a separate reputation check and phone ownership check as part of the authentication process, it’s tough to identify and prevent fraud.
PRO is a powerful methodology designed to prevent fraud through a layered, secure approach.
The discussion among Prove's industry executives in identity, fraud, and risk highlighted the importance of developing and implementing next-generation authentication services to combat social engineering and fraud attacks. A warm thank you to all of the executives who participated in this critical discussion.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.