Company News

New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities

Post by:
Prove
February 17, 2021
New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities
  • Analysis finds that FinTech and e-Commerce/Retail sectors may be particularly at  risk going into the holiday season
  • Findings underscore the importance of utilizing a trust indicator to secure multi-factor authentication and mark the successful integration of Prove’s recently acquired Multi-Factor Authentication solutions into its broader platform

New York, NY (November 18, 2020) – Prove, the modern platform for phone identity, today announced the release of a new analysis highlighting critical consumer multi-factor authentication (MFA) vulnerabilities. Key findings of the study, which was conducted using the company’s award-winning Trust Score™ technology, include a marked increase in the number of multi-factor authentication transactions over Non-Fixed VoIP lines (virtual phone numbers not tied to a physical address), as well as a particularly high risk of fraud in the FinTech and e-Commerce/Retail sectors. The report, entitled Trust Score Transaction Vulnerability Analysis, can be downloaded here.

Prove’s analysis scrutinized over 385,000 retroactive SMS & Voice one-time password (OTP) transactions and discovered several key concerns including:

  • 10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. Why this is concerning: This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.
  • 2.5% of mobile MFA transactions were found to have low Trust Score and 5% were found to have low SIM tenure, indicating recent SIM card swaps. Why this is concerning:
  • In a study of top 5 U.S. prepaid carriers, 80% of attempted SIM-swap attacks were successful as a result of “insecure authentication challenges that could easily be subverted by attackers”.
  • The Federal Reserve found that 85-95% of applicants identified as synthetic identities are not flagged by traditional fraud models.
  • Identity fraud accounts for $16.9B in annual losses in the U.S.

Prove’s analysis indicates possible vulnerabilities in companies’ current authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence.

This analysis marks the successful integration of Prove’s newly acquired Multi-Factor Authentication solutions into its modern identity authentication platform less than six months after Prove acquired them from Early Warning Services, LLC, along with other solutions including mobile authentication, orchestration solutions, and the complete Authentify® line of business. These capabilities can now be deployed in conjunction with Prove’s other products, including Trust Score.

“We are thrilled to announce the successful integration of our recently acquired Multi-Factor Authentication solutions with Prove’s award-winning phone identity platform in such a rapid period of time,” said Geoff Miller, SVP of Global Fraud and Identity Solutions at Prove. “This analysis demonstrates the enormous value of combining best-in-class MFA capabilities with Prove’s platform to identify vulnerabilities, which Prove’s wide array of solutions can in turn help to solve and defend.”

For the full analysis and to learn more about how to fortify your multi-factor authentication processes with Trust Score and other security enhancing solutions, click here.

About Prove

Prove is the modern platform for phone identity and is used by over 1,000 enterprises and 500 financial institutions including 8 of the top 10 U.S. banks. Prove’s global solutions and phone intelligence-driven APIs can be easily orchestrated to increase Approve Rates to over 90%, enabling companies to verify and authenticate customer identities accurately, effortlessly, and privately, while mitigating fraud. Prove’s solutions are available in 195 countries. For the latest updates from Prove, follow us on LinkedIn.

Press Contact:

Mallory Edmondson

pr@prove.com

(415) 710-2804

Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.