Phone and mobile signals, collectively called mobile intelligence, have increasingly been used by enterprises as a critical source of data to authenticate consumer identity in order to prevent fraud and create frictionless customer experiences. Mobile Network Operators (MNOs) have long been the custodians and the providers of this raw data. Enterprises such as banks have leveraged this data to digitally identify their customers and perform stronger authentication of financial transactions. However, exponential growth in digital transactions globally and increasing sophistication in fraud have exposed the limitations of this approach, highlighting the need for an algorithmic model that taps into multiple data sources and attributes in order to assess the trustworthiness of a transaction.
Subscriber coverage is a critical success factor to achieving efficacy while fighting fraud. Enterprises must ensure that every one of their existing customers and prospective clients can be assessed and scored for risk of identity fraud. This requires partnering and integrating with each MNO, maintaining the relationships, and periodically refreshing the integrations. As per Statista, in the US, AT&T owns roughly 44% of the subscriber base, followed by Verizon at 30% and T-Mobile at 25%. Engaging in direct partnerships with carriers can demonstrate results only when coverage is maximized through multiple partnerships. This is not a scalable approach and hampers time to market. A better, and faster alternative is to integrate with mobile identity providers such as Prove which in turn connects to all major carriers in the market using a single API. Prove can verify the owner and user of a phone line for 90% of the 700 million active US phone lines (across mobile, VoIP, and landline).
Another key aspect to consider is whether curating the raw data provided by carriers alone is sufficient to fight the threat of emerging, sophisticated fraud vectors. Consider the recent cyber-breach at T-Mobile where close to 400 customers had their data stolen. Using the customer’s stolen PIN, cybercriminals could easily trick T-Mobile’s Customer Support Team into authorizing a SIM Swap, thereby diverting all text messages and calls to the cybercriminal’s phone. In another instance of fraud, attackers were able to fraudulently add entries to the OSR (Override Services Registry) to send copies of SMSes to themselves. This allowed the attackers to retrieve SMS one-time passcodes. It is therefore critical that identity verification and authentication leverages signals and data from multiple sources beyond those provided by carriers.
Lastly, raw phone and mobile intelligence data may not be sufficient to create the most optimal identity verification and authentication processes. Fear of fraud creates a ‘Trust Gap’ forcing low pass rates and less than ideal customer experiences. Apart from high operational cost, Trust Gap cripples the potential for new revenues. It is, therefore, essential to combine mobile intelligence data with historical patterns and data from other authoritative sources to algorithmically score the trustworthiness of a transaction. This would drastically reduce false negatives and help improve pass through rates.
Evidently, while raw mobile intelligence data provided by carriers are useful in establishing Possession, it falls short of establishing the Reputation of a phone number. Enterprises must have an authentication model that combines behavioral and phone intelligence signals to measure a phone number’s fraud risk and identity confidence in real time.
Trust Score™ is a real-time measure of a phone number’s reputation. By identifying phone numbers that have been associated with a SIM swap or other suspicious activity, Prove stops would-be scammers in their tracks and prevents them from bypassing the Two-Factor Verification process. In the United States, Trust Score has a 100% coverage on all line types. In the UK, it connects with all four major carriers, i.e., EE, O2, Three, and Vodafone.
Prove’s proprietary algorithm consumes these carrier signals and uses Prove’s managed identity intelligence to generate the Trust Score for the phone number. Signals used in the score include the frequency, tenure, and recency of phone changes (e.g., SIM swaps, ports, phone number changes, device upgrades), and other carrier and internal phone intelligence. Scaled from 0 to 1000 (with a score of less than 300 classified as low-trust, high-risk), the Trust Score model can be implemented to secure use cases across account enrollment, login, high-risk events, and customer communications. With this analysis, the Trust Score™ is designed to return to the client milliseconds after the request.
As cybercriminals adopt newer technologies, bolstering the Two-Factor Verification process is critical for both businesses and their consumers. Prove’s Trust Score™ does just that.
If you’d like to Prove to help you, please share your details with us.
Get in touch