Authenticate confirms the device connecting with your business has the same identity you expect (i.e.telephone number). It does this using data from the Mobile Network Operator that is encoded onto the SIM card contained within the phone. This cannot be copied or reproduced. Note that it is not authenticating the physical identity of the phone user, since it assumes that most modern smartphones will have other means (i.e. biometrics) to provide that function. Any fraudster attempting to copy attributes of the device to a new device that is under their control (i.e. cloning) will not be able to access the service.
On all Smartphones YES. Clearly the device needs to be internet enabled to make the authentication URL call.
The user obviously, but you don’t necessarily need to have them do that every time. When you detect a login request from a given account, you can always provide Authenticate with the number that you are holding on file for that account to authenticate against.
YES, although you can’t force the handset off Wi-Fi if you are talking to the end user using a standard browser, only an APP.
No. There are multiple layers of protection built into the service and the data used by the operator to authenticate the device is not something that is publicly available or able to be cloned. Devices can still be potentially susceptible to SIM Swap fraud however because a SIM Swap is a social engineering type fraud and once executed the operator considers the new SIM to be correct. Therefore, where possible TMT still recommend performing regular SIM Swap checks.
No. When the number is authenticated a unique code is generated that logs the number that has been positively authenticated and the time that it was done. This is checked with both the operator and with TMT ID. If a handset tries to log in and presents what appears to be a positive token, it will only be allowed to proceed if the mobile operator has a record of that number being authenticated recently, otherwise it will still be declined.
You don’t need to. Through our core data platform, TMT ID know the correct network for any number in the World, even taking into account consumers moving (porting) between networks. The first thing we do with a number that requires authentication is check network ownership. This also allows you to instantly detect fake or incorrect numbers before incurring any further costs.
The answer depends heavily on the operator and what country they are in, but typically a full authentication flow takes between 2 and 5 seconds. Don’t forget that silent authentications require no user input so the total time taken will normally be much lower than SMS OTP.
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >