Company News

New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities

Post by:
February 17, 2021
Post by:
No items found.
February 17, 2021
New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication VulnerabilitiesNew Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities
  • Analysis finds that FinTech and e-Commerce/Retail sectors may be particularly at  risk going into the holiday season
  • Findings underscore the importance of utilizing a trust indicator to secure multi-factor authentication and mark the successful integration of Prove’s recently acquired Multi-Factor Authentication solutions into its broader platform

New York, NY (November 18, 2020) – Prove, the modern platform for phone identity, today announced the release of a new analysis highlighting critical consumer multi-factor authentication (MFA) vulnerabilities. Key findings of the study, which was conducted using the company’s award-winning Trust Score™ technology, include a marked increase in the number of multi-factor authentication transactions over Non-Fixed VoIP lines (virtual phone numbers not tied to a physical address), as well as a particularly high risk of fraud in the FinTech and e-Commerce/Retail sectors. The report, entitled Trust Score Transaction Vulnerability Analysis, can be downloaded here.

Prove’s analysis scrutinized over 385,000 retroactive SMS & Voice one-time password (OTP) transactions and discovered several key concerns including:

  • 10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. Why this is concerning: This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.
  • 2.5% of mobile MFA transactions were found to have low Trust Score and 5% were found to have low SIM tenure, indicating recent SIM card swaps. Why this is concerning:
  • In a study of top 5 U.S. prepaid carriers, 80% of attempted SIM-swap attacks were successful as a result of “insecure authentication challenges that could easily be subverted by attackers”.
  • The Federal Reserve found that 85-95% of applicants identified as synthetic identities are not flagged by traditional fraud models.
  • Identity fraud accounts for $16.9B in annual losses in the U.S.

Prove’s analysis indicates possible vulnerabilities in companies’ current authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence.

This analysis marks the successful integration of Prove’s newly acquired Multi-Factor Authentication solutions into its modern identity authentication platform less than six months after Prove acquired them from Early Warning Services, LLC, along with other solutions including mobile authentication, orchestration solutions, and the complete Authentify® line of business. These capabilities can now be deployed in conjunction with Prove’s other products, including Trust Score.

“We are thrilled to announce the successful integration of our recently acquired Multi-Factor Authentication solutions with Prove’s award-winning phone identity platform in such a rapid period of time,” said Geoff Miller, SVP of Global Fraud and Identity Solutions at Prove. “This analysis demonstrates the enormous value of combining best-in-class MFA capabilities with Prove’s platform to identify vulnerabilities, which Prove’s wide array of solutions can in turn help to solve and defend.”

For the full analysis and to learn more about how to fortify your multi-factor authentication processes with Trust Score and other security enhancing solutions, click here.

About Prove

Prove is the modern platform for phone identity and is used by over 1,000 enterprises and 500 financial institutions including 8 of the top 10 U.S. banks. Prove’s global solutions and phone intelligence-driven APIs can be easily orchestrated to increase Approve Rates to over 90%, enabling companies to verify and authenticate customer identities accurately, effortlessly, and privately, while mitigating fraud. Prove’s solutions are available in 195 countries. For the latest updates from Prove, follow us on LinkedIn.

Press Contact:

Mallory Edmondson

(415) 710-2804

Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Prove: the world’s most accurate identity verification and authentication platform

Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.

Keep Reading...Read our latest white-paper on this subject!

Tap the button below to read our latest white-paper on the subject as industry leaders.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.

Interested in more information about Prove Pre-Fill?

Download the Report

Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.

Interested in more information about MFA?

Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.