Why SMS verification isn’t a good idea
June 12, 2019
SMS verification has become increasingly popular over recent years, to ensure a high level of security when validating a customer’s account.
By utilising a customer’s phone number to validate their account allows a business to ensure that the phone number given is active and is also accessible by the customer. This method of validation has become more popular than email verification recently – but should businesses solely rely on SMS verification?
SMS verification can be one of two things. The first of these is a business send a text message to the phone number provided on a customer’s profile which then allows them to click a URL link in the text message to verify their account. The second of which is classed as two-factor authentication (2FA) and sends a text message with a verification code which then has to be typed in by the customer to allow them to log in or verify their online account upon registration.
The problems with SMS verification
It’s simple to carry out fraud attacks with SMS verification as there are a number of security problems linked to it.
A fraudulent customer could easily buy a Pay As You Go (PAYG) SIM card which they use once before never using again – this would allow the customer to put that phone number into a registration process, verify their account using that number, and then get rid of the SIM card. As it is a PAYG, the number wouldn’t necessarily be registered to the customer so there is also no proven link between the phone number and the customer.
Attackers can easily access text messages through a number of means, such as if they know your phone number and some of your personal details (which could have been accessed via the Dark Web) then they could contact your mobile phone provider asking for a new SIM card to be sent out under your phone number – this is known as SIM swapping.
There are also clear benefits of SMS verification, such as account recovery, additional security features and it is available globally.
There are 4.68 billion mobile phone users worldwide – truly proving that businesses can utilise SMS verification as a global solution. Having the knowledge that so many customers have a mobile phone will allow businesses to take into account the customer convenience of SMS verification, ensuring a frictionless user journey.
Looking to alternative solutions
By utilising alternative verification solutions could significantly enhance your processes, ultimately resulting in better results for your business.
With alternative verification checks, such as digital verification, businesses are given the confidence to believe that the individual is genuinely who they say they are, whilst verifying an individual’s identity in less than 5 seconds, with two clicks.
How we can help
Gain identity confidence with Acuant’s global identity verification solution, Profile iD, which allows businesses to verify their customer’s identity in just two clicks utilising digital and alternative data.