4 Multi-Factor Vulnerabilities to Watch Out For
Black Friday is right around the corner and while bargain hunters are preparing to find the best deals, fraudsters are making plans to prey on unsuspecting consumers. If your company uses multi-factor authentication (MFA) such as one-time SMS passwords (OTPs) to safeguard customer accounts, you might think you’re covered. But our recently published analysis of over 385,000 retroactive SMS & Voice OTP transactions, conducted using our Trust Score™ technology, unearthed 4 concerning multi-factor authentication vulnerabilities:
Black Friday is right around the corner and while bargain hunters are preparing to find the best deals, fraudsters are making plans to prey on unsuspecting consumers. If your company uses multi-factor authentication (MFA) such as one-time SMS passwords (OTPs) to safeguard customer accounts, you might think you’re covered. But our recently published analysis of over 385,000 retroactive SMS & Voice OTP transactions, conducted using our Trust Score™ technology, unearthed 4 concerning multi-factor authentication vulnerabilities:
- FinTech and e-Commerce/Retail may be particularly at risk. The analysis shows 2X and 18X higher chances, respectively, for low Trust Score transactions in these sectors.
- 2.5% of mobile MFA transactions were found to have low Trust Scores
- 5% of mobile transactions had low SIM tenure, indicating potentially fraudulent SIM swaps
- 10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.
Download the report
The analysis indicates possible vulnerabilities in companies’ current multi-factor authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence.
Are your MFA transactions vulnerable?
Learn more about the Trust Score here
The modern
way of proving identity
Trusted by 1,000+ leading companies to reduce fraud and improve consumer
Keep reading
Read the article: Prove Appoints Industry Veteran Frances Zelazny to Bring Privacy-Preserving Biometrics to Its Identity PlatformProve has appointed biometrics industry veteran Frances Zelazny as General Manager of New Market Innovations to lead the development of privacy-preserving biometric and KYC compliance solutions. The move expands Prove’s digital identity platform with continuous, quantum-resistant identity assurance designed to combat AI-driven fraud and strengthen trust across the customer lifecycle.
Read the article: Prove Convenes Inaugural Executive Advisory Board to Define Trust Infrastructure for the Agentic EconomyProve launches its inaugural Executive Advisory Board, uniting banking, payments, and AI leaders to build trust infrastructure for the agentic economy.
Read the article: When Bots Look Human: A Master Class in Marketplace TrustExplore key insights from Marketplace Risk Management Conference leaders at DoorDash and Wolt on how AI-driven fraud, deepfakes, and bot attacks are reshaping marketplace trust and safety. Learn why continuous identity verification and proactive fraud prevention are becoming essential to protecting platform integrity across the entire customer journey.
Trusted by 2000+ leading companies to reduce fraud and improve consumer experiences, Prove is the world’s most accurate identity verification and authentication platform.
