Multi-Factor Authentication (MFA) is a key requirement in ensuring a safe and secure transaction in the digital world. It’s defined as an electronic authentication method in which an event is verified only after successfully presenting two or more factors of authentication mechanism evidence. These factors are:
Most industry-wide strong authentication guidelines such as the National Institute of Standards and Technology’s (NIST) guidelines in the US or PSD2 SCA (strong customer authentication) rules in the EU follow the above guidelines or even mandate at least two of the above three factors be satisfied prior to the approval of high-risk events.
Currently, the use of MFA in online banking, payments, and other high-risk events relies heavily on SMS or voice one-time passcodes (OTPs). The usage of SMS as a delivery channel has multiple benefits: device- and network-agnostic, customer usage ease, organization administration ease, and database addition of telephone numbers.
Despite these benefits, OTPs have their own drawbacks. They can be subject to man-in-the-middle attacks and can be compromised by SIM-swap fraud. A study by Prove, which analyzed over 385,000 SMS and voice OTP-based transactions across industries, found that 5% of them had low SIM tenure, indicating a high possibility of a recent SIM swap or an account takeover. Another study on the top five US prepaid carriers conducted last year highlights that 80% of SIM swap attacks were successful because of authentication vulnerabilities.
This is not an issue that is confined to the US. It is a global one. For example:
With a rise in SIM swap and man-in-the-middle attacks, strengthening OTP is critical for companies who want to continue using it as a multi-factor authentication method. Factors such as length of the OTP, expiration period, delivery channel, and dynamic linking are important attributes to ensure safe usage of these one-time tokens.
At Prove, we are constantly experimenting with different combinations of these attributes for various use cases such as onboarding, transaction validation, and customer servicing to ensure it becomes harder for bad actors to compromise OTPs. Prove’s phone-centric approach revolves around strengthening MFA using additional signals such as device type, phone line type, device activity, SIM tenure, and other line attributes to allow customers to “Know-Before-You-Send.”
Here are some next-gen methods that can help fortify MFA:
Apart from the obvious advantages in significantly reducing identity theft, advanced solutions in identity proofing and authentication deliver several revenue and operational upsides such as better consumer experience, enhanced exception management, and lower cost of fraud management.
The COVID-19 pandemic has accelerated the pace of digital transformation across industries. However, it has also opened the door for bad actors to take advantage of weak security implementations at various interaction points. Companies need to look beyond traditional methods and adopt solutions that fortify existing authentication practices to fend off improvised identity takeover fraud—Prove can help.
Prove’s MFA solutions are available in 195 countries globally. To learn more about how Prove can help with and reinforce your MFA needs, please contact us.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.