Whenever I have to verify my phone number or mobile device, I get a slight feeling of anxiety. Will it work? Of course, most times it does, but every once in a while, that SMS OTP seems never to arrive.
As a user, my onboarding experience is ruined. I haven’t even started using the app or service yet, and it’s already not working as expected.
As a service provider, I risk losing the user, I lose resources on the SMS OTP service, and “every once in a while” is way too often for the code to never arrive.
Whatever type of service this is, it’s crucial that I verify my users’ mobile phone numbers. The users gain an additional layer of security, while the number of fake accounts created for fraudulent activities significantly decreases. It’s a clear win-win situation.
So, what should I do to maximize the effectiveness of phone verification?
Let’s start by discussing the existing phone verification landscape, before delving into good solutions available.
Mobile Phone Verification Technology of Today
With the increase in cybercrime, mobile phone verification has all but become the standard in various verticals, as it should. The most widely available mobile phone verification solutions today are the above mentioned SMS OTP, and header enrichment-based phone verification.
You’ve definitely used SMS OTP before, the most popular phone verification solution today used by around one-third of users. During registration or login, you type in your phone number, you receive your code over SMS, and you verify your phone with that code.
SMS OTP is far from the ideal user experience which is where HTTP header enrichment-based phone verification enters the picture.
HTTP header enrichment-based is also known as silent mobile verification because it offers a great user experience. It works by adding data fields such as the phone number, and other user and device identifiers in the HTTP header. The user and their mobile phone number is verified with one-click in a second without interrupting their user experience.
However, while widely used, it’s clear from the get-go that these two phone verification solutions come with serious trade-offs – so much so, that I would argue they simply aren’t good enough for today’s security standards.
Why SMS OTP and Header Enrichment-Based Phone Verification Aren’t Good Enough
SMS OTP and HTTP header enrichment have been around for a long time without any major changes to the technologies themselves, so concerns that they have been overrun with time are a given.
SMS OTP has a less-than-ideal user experience. The users type in their phone number, they wait for the SMS to arrive, retype the code, and only then can they continue to use the app.
More importantly, security isn’t among the advantages of SMS OTP anymore either. The SS7 technical flaws in the mobile network are frequently used for interception and rerouting of SMS messages that contain OTPs.
These issues are just part of the reason that SMS OTP for verification and authentication has been called a deprecated authentication solution for some time now.
Many SMS OTPs never get delivered, although all of them are paid for. One of our newest partners, CarGo used to experience 12% unsuccessful OTP deliveries over SMS.
Not only do those unsuccessful deliveries represent a direct loss on the user onboarding investment, but the bad onboarding experience from the end-user side can result in an up to 40% sign up drop off that negatively impacts both the bottom line and your brand image. And this is before the user even starts using the app!
On the other hand, the main competitive advantage of HTTP header enrichment is the great user experience – there is absolutely no action required from the user.
However, the technology itself is not nearly secure or private enough. The HTTP header and the user data in it aren’t encrypted in any way, and it’s easily readable by humans. That means that your phone number, SIM card, and device data are easily accessible by anyone, therefore posing significant security risks.
To top it all off, the tech giants Apple and Google have been announcing plans on banning any HTTP request made to their devices for years now, so it’s only a matter of time.
With that in mind, let’s talk about IPification, the solution I am confident is the best phone verification option today and in the future.
‘How IPification Provides Top-Notch Security With A Great Onboarding Experience
Before explaining the technology itself, why not explain the CarGo example further?
CarGo is one of the most innovative mobile apps in Easter Europe. It provides ride-hailing and food delivery services for more than 1 million users, and they plan on becoming a fintech super app in the near future.
With that number of users, CarGo faced a problem with the SMS OTPs they used for phone verification. It turned out to be quite costly, while the unsuccessful deliveries contributed to user churn and negative reviews on the app stores.
From the user perspective, the user experience is seamless. They don’t have to use any other app, any code, or type any password. Their phone number is verified with one single click with a 100% success rate.
So, how does it work?
IPification assigns a unique mobile identity key to each user based on their phone number, SIM card, and device data without actually transferring any of it over the network so that it stays secure and private. Since it only verifies users according to their complete mobile ID key, fraudulent activities such as SIM swap aren’t a problem either.
Here at IPification, we’re building the backbone for mobile authentication of today and tomorrow via cutting edge technology, and onboarding more and more MNO and service provider partners each day.
Do you want to join us? Schedule a call with us.