Article 4 min

Fighting fraud using multi-factor authentication solutions

multi-factor authentication solutions

In an online world filled with fakes and frauds, how can you tell what’s real? If you’re a business needing to distinguish a legitimate person from a fraudster, identity authentication helps determine if they are who they say they are. Using multi-factor authentication (MFA) — multiple layers of identity authentication information — reduces fraud risk, builds trust, and helps businesses more safely conduct business with customers.

One widely used MFA solution is using a mobile number for verification. That’s because mobile numbers are:

  • Widely available — currently, 62% of the world’s population has a mobile phone
  • Easily accessible — people often have their phones with them at all times
  • Convenient and straightforward to use

No wonder sending a text message with a code to a person is a very popular and accepted MFA method.

Mobile number for verification

The mobile number verification process involves:

  1. The person provides their phone number
  2. A text message (SMS) is sent to the phone number with a unique, time-sensitive passcode
  3. The person is authenticated if they enter the correct passcode

While simple, the process provides one element of strong customer authentication (SCA), something the person has. By entering the unique, time-sensitive passcode, the person confirms mobile ownership.

When used with another layer of authentication, mobile number verification does pass the EU requirements for SCA. While many businesses don’t need to comply with SCA legally, the requirements provide an intelligent goal for authentication; using multiple channels provides a more robust security model than relying on only one element.

Verification and authentication

Using a mobile number for verification only indicates that the person has access to that number. A mobile number can be activated under a fake or synthetic identity, and can be easily created on internet-based phone and text services (for example, VOIP), often without any ID requirements. If a company chose to only use a mobile check for verification, they would run a high risk of authenticating bad actors.

Verifying the legitimacy of a person — confirming they actually exist — is fundamental to ensuring that authentication is accurate and effective. Gathering identity data helps establish the legitimacy of the mobile number. This cross-referenced information then provides a solid basis for authentication: precise identity data with an authenticated mobile number delivers increased assurance.

Identity MFA

Trulioo now provides Identity MFA as an added layer of authentication on top of GlobalGateway Identity Verification. Identity MFA is a real-time identity authentication service that builds upon the extensive identity verification capabilities in GlobalGateway. As it works only on real mobile numbers, Identity MFA filters out bad actors who use VOIP services.

By adding this authentication layer, bad actors face extra friction to establish, use or modify an account, while legitimate accounts can quickly continue with their activities unimpeded. The additional Identity MFA step strengthens your identity verification results and delivers:

  • Identity proofing, verifying and authenticating a user’s claimed identity
  • A low-friction authentication experience for good customers

For account opening purposes, or even on every login, Identity MFA is an additional layer of security to help prevent fraud, account takeover and other damaging activities.

While consumers have significantly increased their use of digital services during the pandemic, they have also become more concerned about the associated risks of online fraud and identity theft. A Trulioo study, New Fraud Threats in the Digital-First World, found that when opening a new account, 71% of people cite security as the most important consideration.

Fortunately, the use of one-time passwords is a low-friction process that is well understood and accepted by consumers. The study found that 92% of consumers are (at least) somewhat familiar with one-time passwords, and 86% found them to be convenient. Consumers also feel that OTP is secure, with 86% responding positively.

Two-factor authentication is similarly seen as familiar, convenient and secure by consumers with 81% stating familiarity with this method, 86% considering it secure, and 75% reporting that it’s convenient.

Two-factor authentication - secure and convenient

Identity MFA works efficiently with other Identity Verification workflows and is easily integrated and configured in less than a day. It’s another example of how Trulioo enables our customers to take a layered approach to identity verification. A layered approach allows for flexible screening and onboarding workflows for the right customer at the right time. If you’re looking to customize your risk-based approach, combining different data sources or GlobalGateway solutions helps create a holistic and high-confidence identity verification process.