ClickCease

4 Multi-Factor Vulnerabilities to Watch Out For

Black Friday is right around the corner and while bargain hunters are preparing to find the best deals, fraudsters are making plans to prey on unsuspecting consumers. If your company uses multi-factor authentication (MFA) such as one-time SMS passwords (OTPs) to safeguard customer accounts, you might think you’re covered. But our recently published analysis of over 385,000 retroactive SMS & Voice OTP transactions, conducted using our Trust Score™ technology, unearthed 4 concerning multi-factor authentication vulnerabilities:

February 17, 2021
Prove
Learn More about the author: 4 Multi-Factor Vulnerabilities to Watch Out For
Share:

Black Friday is right around the corner and while bargain hunters are preparing to find the best deals, fraudsters are making plans to prey on unsuspecting consumers. If your company uses multi-factor authentication (MFA) such as one-time SMS passwords (OTPs) to safeguard customer accounts, you might think you’re covered. But our recently published analysis of over 385,000 retroactive SMS & Voice OTP transactions, conducted using our Trust Score™ technology, unearthed 4 concerning multi-factor authentication vulnerabilities:

  • FinTech and e-Commerce/Retail may be particularly at risk. The analysis shows 2X and 18X higher chances, respectively, for low Trust Score transactions in these sectors.
  • 2.5% of mobile MFA transactions were found to have low Trust Scores
  • 5% of mobile transactions had low SIM tenure, indicating potentially fraudulent SIM swaps
  • 10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.

Download the report

The analysis indicates possible vulnerabilities in companies’ current multi-factor authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence. 

Are your MFA transactions vulnerable?

Read the full report here

Learn more about the Trust Score here

The modern
way of proving identity

Trusted by 2500+ leading companies to reduce fraud and improve consumer

Prove

Keep reading

See all blogs
Read the article: Account Takeovers: The Silent Revenue Killer
Blog
Account Takeovers: The Silent Revenue Killer

Account takeover (ATO) fraud is rapidly becoming one of the biggest threats facing digital marketplaces and gig platforms. Learn how ATO attacks work, why they are accelerating, the latest fraud trends and statistics, and how continuous identity verification helps organizations prevent account takeovers while protecting revenue, customer trust, and user experience.

Blog
Read the article: The Silent Drain: How SMS Pumping Is Bleeding Digital Marketplaces Dry
Blog
The Silent Drain: How SMS Pumping Is Bleeding Digital Marketplaces Dry

SMS pumping fraud is silently increasing verification costs for digital marketplaces by exploiting OTP workflows. Explore how these attacks operate, why traditional SMS authentication is failing, and how proactive phone intelligence can prevent fraud before an SMS is sent.

Blog
Read the article: Prove and Baselayer Partner to Bring Real-Time Business Verification to ProveX
Blog
Prove and Baselayer Partner to Bring Real-Time Business Verification to ProveX

Prove and Baselayer simplify business verification by combining trusted identity, real-time KYB intelligence, and seamless onboarding into a single workflow without requiring additional verification steps.

Blog