New Study by Prove Unveils Large-Scale Consumer Multi-Factor Authentication Vulnerabilities

February 17, 2021
  • Analysis finds that FinTech and e-Commerce/Retail sectors may be particularly at  risk going into the holiday season
  • Findings underscore the importance of utilizing a trust indicator to secure multi-factor authentication and mark the successful integration of Prove’s recently acquired Multi-Factor Authentication solutions into its broader platform

New York, NY (November 18, 2020) – Prove, the modern platform for phone identity, today announced the release of a new analysis highlighting critical consumer multi-factor authentication (MFA) vulnerabilities. Key findings of the study, which was conducted using the company’s award-winning Trust Score™ technology, include a marked increase in the number of multi-factor authentication transactions over Non-Fixed VoIP lines (virtual phone numbers not tied to a physical address), as well as a particularly high risk of fraud in the FinTech and e-Commerce/Retail sectors. The report, entitled Trust Score Transaction Vulnerability Analysis, can be downloaded here.

Prove’s analysis scrutinized over 385,000 retroactive SMS & Voice one-time password (OTP) transactions and discovered several key concerns including:

  • 10% of multi-factor authentication transactions were over Non-Fixed VoIP (voice over internet protocol, i.e. virtual phone numbers not tied to a physical address) lines. Why this is concerning: This increase in non-mobile device types is concerning because it indicates a potential opportunity for bad actors.
  • 2.5% of mobile MFA transactions were found to have low Trust Score and 5% were found to have low SIM tenure, indicating recent SIM card swaps. Why this is concerning:
  • In a study of top 5 U.S. prepaid carriers, 80% of attempted SIM-swap attacks were successful as a result of “insecure authentication challenges that could easily be subverted by attackers”.
  • The Federal Reserve found that 85-95% of applicants identified as synthetic identities are not flagged by traditional fraud models.
  • Identity fraud accounts for $16.9B in annual losses in the U.S.

Prove’s analysis indicates possible vulnerabilities in companies’ current authentication processes, which may be unknown to the companies themselves. These results point to both major information deficits, such as outdated customer information, as well as risks that are not being addressed by in-place security measures, leaving companies and customers vulnerable to bad actors. The study also shows that these multi-factor authentication concerns can be addressed by fortifying one-time passwords with a trust indicator such as Prove’s Trust Score, which uses behavioral and phone intelligence signals to measure fraud risk and identity confidence.

This analysis marks the successful integration of Prove’s newly acquired Multi-Factor Authentication solutions into its modern identity authentication platform less than six months after Prove acquired them from Early Warning Services, LLC, along with other solutions including mobile authentication, orchestration solutions, and the complete Authentify® line of business. These capabilities can now be deployed in conjunction with Prove’s other products, including Trust Score.

“We are thrilled to announce the successful integration of our recently acquired Multi-Factor Authentication solutions with Prove’s award-winning phone identity platform in such a rapid period of time,” said Geoff Miller, SVP of Global Fraud and Identity Solutions at Prove. “This analysis demonstrates the enormous value of combining best-in-class MFA capabilities with Prove’s platform to identify vulnerabilities, which Prove’s wide array of solutions can in turn help to solve and defend.”

For the full analysis and to learn more about how to fortify your multi-factor authentication processes with Trust Score and other security enhancing solutions, click here.

About Prove

Prove is the modern platform for phone identity and is used by over 1,000 enterprises and 500 financial institutions including 8 of the top 10 U.S. banks. Prove’s global solutions and phone intelligence-driven APIs can be easily orchestrated to increase Approve Rates to over 90%, enabling companies to verify and authenticate customer identities accurately, effortlessly, and privately, while mitigating fraud. Prove’s solutions are available in 195 countries. For the latest updates from Prove, follow us on LinkedIn.

Press Contact:

Mallory Edmondson

(415) 710-2804

Keep reading

See all blogs
Fraud in the Age of AI: Meet the Shapeshifter

The COVID-19 pandemic not only changed the way we work and live, it also unleashed a wave of fraud unlike anything we've seen before.

Mary Ann Miller
July 18, 2024
Company News
Introducing Prove Link™ – Unlocking the Power of Identity for Any Business

To continue achieving our mission of accelerating trusted interactions on the internet, we’re proud to announce the introduction of the Prove developer self-service platform and the Prove LinkTM SDK. With these tools, it’s now faster and easier for any company to integrate our industry-leading identity technology into its brand operations.

July 16, 2024
Company News
Combating Deepfakes: Leveraging Phone-Centric Identity℠ Verification to Overcome Media-Based Vulnerabilities

Identity verification systems that depend on image or audio samples for digital customer onboarding are increasingly vulnerable to deepfake attacks.

Tim Brown
July 5, 2024