Zoe Barber
Published on: February 10, 2022
KYC – you may hear this abbreviation regularly, but how can you truly know your customer’s identity when their information changes? Customers move house, swap emails, get new jobs, and in some cases, have no legitimate ID. In addition, it is not uncommon for younger generations to have no credit scores or loans, and in the UK at least, identity cards are not statutory. As such, organisations across varying sectors often struggle to quickly verify mobile identity. Companies need identifiers to regulate commerce securely and efficiently.
Before the rise of mobile, a customer’s username would act as a digital identity, combined with a password verifying them as the account holder. The issue here is usernames do not legitimise identity in any substantive way. Who is ‘Catlover1966’? How can we be sure they want the service we are about to sell? Without a government ID, companies were forced to find their own metrics for identity. As the mobile market expanded, so did the concept of mobile numbers as a superior method of identification.
As requirements for security measures increased, companies requested names, addresses, telephone numbers, and when needed, much more cumbersome identifiers such as photos of passports, fingerprints, utility bills, or driver’s licenses. These all had their own distinct problems; either the data was frequently outdated, or required forfeiting convenient customer experience. With the advancement of technology, people started picking up their phones to interact with banks and shops – organisations realised the utility of incorporating mobile network operator data into their sign-up, sign-in, and purchase processes.
Thanks to number porting, customers were carrying their numbers from one contract to the next. More than 95% of their customers had mobile numbers – a number even higher today – these could act as hand-held validating devices which they always had access to. Companies were potentially able to indefinitely attach a number to an individual, making the mobile number an excellent proxy for identity. More recently, phones have become authentication devices, meaning they are both a form of identity and a means of verifying that identity combined. Customers signing up with numbers could then log in by verifying themselves with that same number and device.
Finding an electric bill, scanning it, and sending it through is a laborious process which is more likely to end with customers deciding to go elsewhere for their services. The same concept applies to passport or driving license verification; however, customers were happily giving up their mobile numbers during the sign-up process as it required minimal extra effort. This provided a strong level of security, whilst simultaneously ensuring onboarding processes remained quick. You might think this all sounds like an easy decision for verification protocol; however, mobile numbers are by no means perfect.
By 2015, numbers had become a primary indicator of identity; an identity which is often publicly available – making it a prime target for fraudsters. SIM-swap fraud is where a scammer calls your MNO (Mobile Network Operator) in an attempt to move your SIM card data over to a new one. MNOs struggle to differentiate genuine SIM swaps from fraudulent ones, meaning scammers can gain access to your SMS messages and calls. SIM swapping incidents have been steadily rising since 2015 and have cost the customer more than £10 million. OTPs (One Time Passcode) are becoming commonplace when making financial transactions or when signing up to sites. If fraudsters have swapped your SIM card to their device, they will receive your OTP – providing them free reign over your accounts, including the ability to move money. Mobile numbers are tied so heavily to identity that it is crucial they remain uncompromised. Sometimes, however, this is not always possible. SIM-swap fraud is how Twitter CEO Jack Dorsey lost access to his Twitter account in 2019. Even security experts have had mobile numbers, passwords, and email addresses exposed online.
With mobile becoming the preferred method of communication for most, the use of mobile devices in identification and verification is inevitable. And, despite the emerging opportunities for fraudsters in this quickly advancing industry, the power of the data is irrefutable. However, the solution is not as simple as utilising biometrics and authenticator apps – the data held by the operators themselves is an extremely powerful tool. By checking, in real-time, certain data is as expected, organisations can quickly and effortlessly identify and authenticate both new and existing customers. Every mobile number has information attached that paints a clear history and pattern of behaviour. These are explicit indicators that can be studied to come to a reliable decision on whether the number is safe or not. Some examples of data stored by MNOs include contract details; whether the number is in use; whether it has been ported or forwarded; or whether the phone has been marked as lost or stolen. If a device is registered as lost or stolen, for example, any bank transfers, purchases, or sign-ins should be treated as extremely suspicious and should lead to a denial of service. Being able to deny access based on this data saves companies’ and customers’ time and money.
An underutilised but important example of MNO data is whether the number has been recycled. MNOs re-use inactive mobile numbers for a new customer in as little as a month. This opens a whole host of problems for companies looking to keep on top of their KYC, onboarding, identification, verification, and billing processes. Number databases become out of date very quickly; OTPs or sensitive information could be going to strangers, 2FA could lock genuine customers out, and the wrong person could be billed for services they did not consume. With number recycle checks, companies can be sure they are able to market to and contact genuine customers, saving time and money, all while keeping their genuine customers’ information private. Companies such as TMT ID have access to use this data for a brief period during critical points in an online journey and have built an easy-to-use framework for their customers to understand it too. The MNO datasets are extremely difficult for fraudsters to feign; therefore, working closely with MNOs gives you an informed assessment of the legitimacy of your users – and leaves customer experiences undisturbed – leaving you certain you know who you are dealing with in 2022.
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
