Back to All Blogs
Mobile Validate will ensure SMS verification for SCA actually works
Identity

Mobile Validate will ensure SMS verification for SCA actually works

August 9, 2019

New requirements for authenticating online payments have been introduced in Europe as part of the second Payment Services Directive (PSD2).

The new regulations, put in place to prevent fraud, require customers to use an access code sent to their mobile phone. The number must be entered at checkout to confirm payment. It’s classed as two-factor authentication (2FA) to validate the customer and the transaction. 

The issues with SMS codes

The problem with this is, it’s easy to defraud the system. A fraudulent customer can buy a Pay As You Go (PAYG) SIM card and use the phone number for account registration and verification, and then get rid of the SIM card. As it is a PAYG, the number wouldn’t necessarily be registered to the customer so there is also no proven link between the phone number and the customer. 

Also fraudsters can access text messages through a number of means, such as if they know your phone number and some of your personal details (which could have been accessed via the Dark Web) then they could contact your mobile phone provider asking for a new SIM card to be sent out under your phone number – this is known as SIM swapping.

Making SMS verification safer with Mobile Validate

We offer Mobile Validate, which validates phone numbers and checks the number and details aren’t available on the dark web. We can confirm that the number is active, and verified, or flag that the number is blacklisted or suspect. The service returns associated subscriber, carrier and location information, and this can be done for individual numbers at point of entry on in batch. 

Find out more about Mobile Validate here

Email Validate for those without mobile phones

Equally, verification codes can be sent by email for those without mobile phones, however the same issues exist. As such we offer Email Validate, which validates an email address as active and legitimate, without sending it a message. We can check whether the address is a bot account or spam trap or suspect in any way, in order to validate its use for verification. 

Find out more about Email Validate here

Conclusion

As part of the new SCA regulations, mobile devices will be used to share authentication codes in an effort to reduce fraud, but to make this security step actually work mobile phone numbers will have to be checked. This can be done using Mobile Validate, to ensure it’s actually the customer using their card details to make transactions.

KYC/AML/KYB Compliance
Onboarding

Move Over Millennials, Gen Z is Banking Smarter: Why Banks and Fintechs Must be Mobile Centric to Capture the Market

August 14, 2019

It may be hard to believe but Generation Z, those born between 1996 and 2010, now hold up to $143 billion in spending power. This generation is heading off to college, getting their first job and buying their first car....

READ MORE
KYC/AML/KYB Compliance

What you need to know about PSD2 and Strong Customer Authentication (SCA)

August 6, 2019

Here we’ll tell you what online businesses need to know about the new regulations, and how we can help.  The PSD2 deadline of September 14th has passed, but some e-commerce companies still have time to implement SCA for online card...

READ MORE

Questions?

Let's Talk Support