Imagine you are going to a big concert in London.
You booked the tickets weeks ago and assume that they’ll be on an attachment in your email inbox. But you’re running late and can’t get a signal to check while you’re rushing there on a train. Then, when you get off the train, you see you have ten WhatsApp messages from the friend you’re meant to be meeting, asking where you are and worried you’ll miss the beginning of the show.
You start walking briskly from the station to the venue while checking your phone. It’s dark and it’s raining. And your heart sinks as you realise that you haven’t got an email attachment at all. Instead, you need to install an app and download your tickets onto it in order to get in.
Now here’s a ‘sliding doors’ scenario for you – alternative ways this scene plays out:
Version one: While rushing along the pavement, you go onto the App Store, search for the venue’s icon and install it. This goes ok. But then it wants you to create an account. And then it wants you to verify your details via two-factor authentication. But your phone’s screen is getting wet and less responsive. And at the exact moment the SMS appears on your screen with its six-digit number for you to verify, your phone rings. It’s your friend asking where the hell you are. And by the time you’ve placated him and gone back to your SMS inbox to retrieve the number, you’ve been timed out. You try to request another code but by now your phone is so wet nothing is working. You have to get under shelter and do it all again. You do miss the beginning of the show. Your friend is furious.
Version two: You are rushing down the street in the dark to the venue. You find the app relatively quickly and install it relatively easily. You manage to enter your email and phone details – and to your pleasant surprise both your and your friend’s tickets appear in your new account’s basket a second later. You meet your friend, apologise profusely for being late, get past the bouncers and are just coming back from the bar with drinks when the band comes on stage. A top night ensues. Your lateness is forgotten before the first song is over.
In both these scenarios, the ticketing company and/or venue have the same intention: they want to ensure that the person getting in is the same person who purchased the tickets. With so much scandal around reselling concert tickets and ramped-up tout prices, they are under enormous pressure to be careful on this. And then this particular show is licensed for over-18s only and they’ll want to know you’re an adult too.
What’s intriguing about the way they go about trying to achieve this is that the second version – the one with the happy ending – is actually, if anything, more likely to provide a secure check against fraudulent access than the more fiddly first version.
Because two-factor authentication – or 2FA as it’s more commonly known in industry jargon – is no longer the only way to achieve the same goal.
Don’t get me wrong though – I don’t want to knock 2FA. I’m a long-time fan. It has made a huge difference in enhancing digital security and is accepted by users without complaint. It is and remains highly effective as well as cheap, instant and straightforward – as there is nothing for the customer to download or install – and can be delivered anywhere in the world super fast.
But we are getting to a place where alternatives can actually be both more secure and easier. They may even be cheaper too. And they can sometimes – as in the concert scenario I outlined above – be more convenient.
So how does this alternative to 2FA work?
Well, put very simply – rather than checking the user, we can now authenticate the device they are using instead. And the key to being able to do this is their SIM credentials.
Each mobile device has a SIM with a unique non-public-facing serial number – akin to the chassis number on an individual car. And it’s now possible to check in a fraction of a second that a customer logging on or signing up is doing so from a SIM that corresponds with the number that is registered against their profile.
And, because those SIM credentials are not visible to hackers, the process is potentially even more secure than 2FA, which can be breached by fraudsters if, for example, they successfully carry out a hack like ‘SIM swap’, which allows them to receive those one-time passcodes.
Admittedly, in the normal run of events 2FA is hardly the inconvenience it is in my extreme concert scenario – but in a competitive market, removing any barrier or delay to sign-up or platform access, however small, can be enough to retain customers and stop them going to another supplier.
So it is worth looking at alternatives to 2FA as you move forward.
If what’s coming is quicker, smoother and more secure – and costs you less too – then maybe it’s time to change.
Last updated on September 18, 2024