What Is Mobile Phone Verification?
Mobile phone verification focuses on validating phone numbers at every stage of the customer lifecycle — including account creation, transaction authentication, and ongoing customer engagement activities — to decrease the potential for compromised security. And with billions of mobile phone numbers registered worldwide, the mobile phone number is the ultimate way to verify user identity.
How Does Mobile Phone Verification Work?
It’s simple — instead of requiring a user’s email address when they open a new account, phone number verification adds an extra layer of protection by asking the user to supply their phone number.
Here’s how phone verification typically works: A new user who downloads an app and registers a new account is sent a one-time passcode — a time-sensitive numerical code — via a messaging service such as SMS, WhatsApp, or by email, or in a voice message, which they then type back into the application to prove their identity and complete the registration process. Since phone numbers are universal, and nearly all mobile phones can receive text messages, a verified phone number is a globally accessible and relatively inexpensive security solution.
Best Times to Use Verified Phone Numbers
Here are some user management best practices where mobile phone verification can increase security and boost customer acquisition and retention:
Authenticate registrations: When a new user registers for your application, phone verification can help authenticate identity, ensuring your new user is who they claim to be. This step also links the user and their device.
Authorize upgrades: Many applications employ a “freemium” model, meaning the basic app is free to use but a premium version can be accessed via a paid upgrade. Providing a message with a one-time passcode to verify mobile users and their intent to upgrade can help reduce mistaken or fraudulent downloads.
Reset passwords: When a user logs in to an app from an unknown or alternative device (i.e. with a different IP address from the one registered in their profile) and requests a password reset, sending a one-time passcode to verify the user’s identity can help reduce fraud and identity theft. For example, Gmail uses this process to verify your identity via your mobile phone number whenever a login attempt originates from an unknown device.
Reactivate users: When a user of an application or website attempts to sign in after a long period of inactivity, a mobile phone verification process can help ensure once again that your user is genuine and not a hacker or spammer.
Refresh user details: Changes in user profile information should always be confirmed with a simple message to the mobile device linked to an account. This step will verify the change. Ensuring that changes have been initiated by the account owner is not only essential for security but also for accurate information delivery to users. For instance, an airline can share important flight updates with customers only if they have current contact information.
Authenticate transactions: Confirming transactions with real-time communications significantly reduces costly fraud resolution. Requiring authentication of users at this critical moment via mobile phone verification is effective at reducing suspicious activity; that’s why many payment and ecommerce applications and websites require authentication of transactions with a one-time password sent via SMS.
What Are Security Alternatives to Phone Verification?
While some of these alternatives may suit specific scenarios, they all have negatives for applications requiring global access and a high level of security.
Passwords: You can always stick with the tried-and-true — except that passwords are tried and not-so-true. Their vulnerabilities are well known. Although hacker technologies and tools grow increasingly sophisticated every year, the easiest way to hack is still cracking the password. According to Finances Online, 81% of company data breaches are caused by poor passwords (this vulnerability is one of the reasons why mobile phone verification came about), while using a multi-factor authentication solution can block 99.9% of all attacks.
Another factor to consider is that people are often overwhelmed by the number of passwords they typically need to remember, and they address this challenge by choosing dangerously common passwords that they (and hackers) will find simple to remember or figure out when they forget.
Biometrics: Using measurable human traits and characteristics — like fingerprints, faces, or voices — can be an effective way to verify a person’s identity. But these solutions are expensive and not yet universally adopted.
Social network and email logins: These methods offer a number of attractions — there’s an increasing demand for social logins; they can relieve password fatigue caused by the hassle of having to reset an account; they’re mobile friendly; and more. But social logins can be hard to remember, not all customers are on social media, and such logins can be easily faked, resulting in bulk registrations.
ID tokens: An ID token is a sort of digitally encoded signature that proves that the user has been authenticated. They are widely used to provide authorization and authentication to users when they access a website or a mobile application. But tokens come at an additional cost and are easily lost.
Mobile Phone Verification in Action
Want to learn more about how mobile phone verification can increase security and mitigate the risk of fraud and spam for your application or website? Read how pre-owned clothing marketplace Vinted proactively blocked fraudulent users from completing transactions using the Vonage Verify API.