New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities
- Analysis finds that FinTech and e-Commerce/Retail sectors may be particularly at risk going into the holiday season
- Findings underscore the importance of utilizing a trust indicator to secure multi-factor authentication and mark the successful integration of Prove’s recently acquired Multi-Factor Authentication solutions into its broader platform
New York, NY (November 18, 2020) – Prove, the modern platform for phone identity, today announced the release of a new analysis highlighting critical consumer multi-factor authentication (MFA) vulnerabilities. Key findings of the study, which was conducted using the company’s award-winning Trust Score™ technology, include a marked increase in the number of multi-factor authentication transactions over Non-Fixed VoIP lines (virtual phone numbers not tied to a physical address), as well as a particularly high risk of fraud in the FinTech and e-Commerce/Retail sectors. The report, entitled Trust Score Transaction Vulnerability Analysis, can be downloaded here.
Prove’s analysis scrutinized over 385,000 retroactive SMS & Voice one-time password (OTP) transactions and discovered several key concerns including:
- 10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. Why this is concerning: This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.
- FinTech and e-Commerce/Retail may be particularly at risk. The analysis shows 2X and 18X higher chances, respectively, for low Trust Score transactions in these sectors. Why this is concerning:
- Trouble heading into the holidays: FinTech/Financial Services and eCommerce/Retail lead in global holiday season account fraud annual increases, with Cryptocurrency at 178.4%, Financial Services at 81.7%, and Retail at 29.3% YoY fraud rate growth.
- E-Commerce is trending upwards and expected to account for 19.2% of all retail transactions by 2024, leading to more digital fraud exposure risk.
- 2.5% of mobile MFA transactions were found to have low Trust Score and 5% were found to have low SIM tenure, indicating recent SIM card swaps. Why this is concerning:
- In a study of top 5 U.S. prepaid carriers, 80% of attempted SIM-swap attacks were successful as a result of “insecure authentication challenges that could easily be subverted by attackers”.
- The Federal Reserve found that 85-95% of applicants identified as synthetic identities are not flagged by traditional fraud models.
- Identity fraud accounts for $16.9B in annual losses in the U.S.
Prove’s analysis indicates possible vulnerabilities in companies’ current authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence.
This analysis marks the successful integration of Prove’s newly acquired Multi-Factor Authentication solutions into its modern identity authentication platform less than six months after Prove acquired them from Early Warning Services, LLC, along with other solutions including mobile authentication, orchestration solutions, and the complete Authentify® line of business. These capabilities can now be deployed in conjunction with Prove’s other products, including Trust Score.
“We are thrilled to announce the successful integration of our recently acquired Multi-Factor Authentication solutions with Prove’s award-winning phone identity platform in such a rapid period of time,” said Geoff Miller, SVP of Global Fraud and Identity Solutions at Prove. “This analysis demonstrates the enormous value of combining best-in-class MFA capabilities with Prove’s platform to identify vulnerabilities, which Prove’s wide array of solutions can in turn help to solve and defend.”
For the full analysis and to learn more about how to fortify your multi-factor authentication processes with Trust Score and other security enhancing solutions, click here.
About Prove
Prove is the modern platform for phone identity and is used by over 1,000 enterprises and 500 financial institutions including 8 of the top 10 U.S. banks. Prove’s global solutions and phone intelligence-driven APIs can be easily orchestrated to increase Approve Rates to over 90%, enabling companies to verify and authenticate customer identities accurately, effortlessly, and privately, while mitigating fraud. Prove’s solutions are available in 195 countries. For the latest updates from Prove, follow us on LinkedIn.
Press Contact:
Mallory Edmondson
pr@prove.com
(415) 710-2804
Keep reading
Prove’s solutions can help businesses make their online customer experiences faster, easier and more secure.
While the rise of deepfake technology is not totally new, its level of sophistication presents new challenges for businesses seeking to deliver frictionless digital onboarding experiences to their customers.
Prove and BetMGM, the sports betting and iGaming leader, have entered into a partnership which will elevate the security standards and user experience for BetMGM customers through the Prove Pre-Fill® identity solution.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences, Prove is the world’s most accurate identity verification and authentication platform.
